Course Description 


Target audience 


The target audience for Administering IBM® Lotus® Domino™ 6: Building the 
Infrastructure is administrators new to Domino who are responsible for: 

■ Initial install and setup of a basic IBM® Lotus Notes® and Domino™ 6 
infrastructure. 

■ Setup of Domino Mail servers in the corporate intranet and Internet 
environment. 


Summary description 


This course covers installation and configuration of a basic Domino infrastructure 
with a single domain using an existing deployment plan. The course also covers 
setting up mail routing in the single-domain environment. 


Course format and duration 


This course format is instructor-led. The course length is two days. 


Course goals 


After completing this course, you should be able to: 

■ Identify basic planning considerations and guidelines. 

■ Identify the process for implementing a Domino infrastructure. 

■ Install the Domino server and Domino Administrator client software. 

■ Set up the first Domino server and Domino Administrator client. 

■ Create regional certifiers. 

■ Create a database to track Domino and Notes registration. 

■ Register servers, users, and administrators per an established naming 
scheme. 


■ Set up additional servers and workstations in the Domino domain. 

■ Create user groups. 

■ Create policies. 

■ Set up ID file backup for new users. 

■ Add users to a Domino domain. 

■ Specify administration preferences. 

■ Allow and restrict server access. 

■ Allow administrators access to the Domino Directory. 

■ Specify the level of detail recorded in the Domino Directory. 

■ Create a group for server replication. 

■ Set replication schedule to synchronize Domino system databases. 

■ Configure intranet Domino mail routing. 

■ Establish a mail routing schedule. 

■ Enable and configure SMTP routing. 

■ Restrict mail flow to and from the Internet. 

■ Set delivery controls. 

■ Set mail transfer controls. 

■ Create mail rules. 

■ Establish mail quotas. 

■ Set up server for mail journaling. 

■ Establish an archive policy. 

■ Monitor mail delivery and statistics. 

■ Track mail messages. 

■ Identify troubleshooting tasks. 

■ Test mail connections. 

■ Resolve common mail delivery problems. 

Topics covered 


The Administering IBM Lotus Domino 6: Building the Infrastructure course covers 
the following topics: 

■ Plan a basic Domino infrastructure. 

■ Install the Domino server software. 

■ Set up the first Domino server. 

■ Create a database to track Domino licenses. 

■ Create additional certifiers for servers and users per an established naming 
scheme. 

■ Create server IDs per an established naming scheme. 

■ Set up servers in the Domino domain per an established naming scheme. 

■ Create user groups. 

■ Create Organizational policy. 

■ Create internal Domino user IDs per an established naming scheme. 

■ Install the Notes workstation software. 

■ Add workstations to a Domino domain. 

■ Specify administration preferences. 

■ Allow and restrict server access. 

■ Allow administrators access to the Domino Directory. 

■ Create a group for server replication. 

■ Set up the replication schedule to synchronize Domino system databases in 
the domain. 

■ Configure intranet Domino mail routing. 

■ Establish a mail routing schedule. 

■ Enable SMTP routing. 

■ Configure basic and advanced settings for SMTP routing. 

■ Enable message controls, using: 

    ■ Delivery and transfer controls 

    ■ Restrictions 

    ■ Quota 

    ■ Journaling 

    ■ Mail rules 

    ■ Archiving policy 

■ Enable message tracking. 

■ Monitor mail routing. 

■ Troubleshoot common mail setup and routing problems. 

Recommended agenda 


The course contains four modules. 

■ Module A: Setting Up the Domino Environment and Module B: Setting Up 
Administration for the Domino Environment describe installation and setup of 
Notes and Domino. 

■ Module C: Setting Up the Messaging Infrastructure describes setup of the mail 
infrastructure. 

■ Module D: Troubleshooting the Messaging Infrastructure describes how to 
monitor and troubleshoot the mail infrastructure. 

The suggested agenda is to cover Modules A and B on Day 1 and Modules C and 
D on Day 2. 


Day 1 


The following table shows the recommended agenda for Day 1. 

| Time | Lessons or Topics |
|---|---|
| 15 minutes | Introductions |
| 30 minutes | Lesson 1: Using a Deployment Plan |
| 60 minutes | Lesson 2: Setting Up the First Server and Administrator |
| 15 minutes | Break |
| 30 minutes | Lesson 2: Setting Up the First Server and Administrator (continued) |
| 60 minutes | Lesson 3: Adding Domino Servers |
| 60 minutes | Lunch |
| 30 minutes | Lesson 3: Adding Domino Servers (continued) |
| 60 minutes | Lesson 4: Adding Notes Clients |
| 15 minutes | Break |
| 30 minutes | Lesson 4: Adding Notes Clients (continued) |
| 60 minutes | Lesson 5: Setting Up Server Administration |
| 60 minutes | Lesson 6: Synchronizing Domino System Databases |

Day 2 


The following table shows the recommended agenda for Day 2. 


| Time | Lessons or Topics |
|---|---|
| 90 minutes | Lesson 7: Setting Up Intranet Mail Routing |
| 15 minutes | Break |
| 90 minutes | Lesson 8: Setting Up Mail Routing to the Internet |
| 60 minutes | Lunch |
| 90 minutes | Lesson 9: Establishing Mail Controls |
| 15 minutes | Break |
| 60 minutes | Lesson 10: Monitoring Mail |
| 90 minutes | Lesson 11: Resolving Common Mail Problems |

Lotus Professional Certification 


IBM Software Services for Lotus has a robust certification program in support of 
IBM Lotus Notes and Domino technical competencies. For complete information 
on Lotus’ professional certification program, visit the IBM Software Services for 
Lotus Certification Web page at http://www.lotus.com/certification. 


Place in certification 


Administering IBM Lotus Domino 6: Building the Infrastructure is listed as one of 
the preparation resources for the following exam(s): 

■ Notes Domino 6: Building the Infrastructure 


This exam is part of the path for CLP IBM Lotus Domino 6 System Administrator 
certification. The complete path is described below. 


| Exam Number | Exam Name | Certification Earned |
|---|---|---|
| 620 | Notes Domino 6 System Administration Operating Fundamentals | CLS |
| 621 | Notes Domino 6: Building the Infrastructure | |
| 622 | Notes Domino 6: Managing Servers and Users | CLP (all 3 exams required) |

Preparing for a Lotus certification exam 


Attending this course and using this Student Guide will help you prepare for 
certification. Some topics covered on the exam are not covered in this course and 
some of the objectives covered in this course are not tested on the exam. Be 
sure to follow all the steps listed in order to prepare fully for the exam. 


| Step | Action |
|---|---|
| 1 | Review the exam competencies. |
| 2 | Get hands-on experience. |
| 3 | Use the Exam Preparation Chart. |
| 4 | Use all available resources. |


Step 1: Review the exam competencies 


Review the exam competencies to see the complete listing of possible topics for 
the exam. Use the competency listing as your checklist to determine your 
weaknesses and the areas on which you will want to focus more attention in your 
studies and preparation. 

You will find the competencies listed in: 

■ The Exam Guides located on the IBM Software Services for Lotus Certification 
Web page at http://www.lotus.com/certification. 


Step 2: Get hands-on experience 


Actual hands-on experience is a critical component in preparing for the exam. The 
exam is looking to measure how well you perform tasks, not how well you 
memorize features and functions. 

■ Spend time using the product and applying the skills learned. 

■ Direct application of the skills learned in this class cannot be replaced by any 
other single resource listed here. 

Step 3: Use the Exam Preparation Chart 


The Exam Preparation Chart summarizes the learning resources available for 
each individual exam. For the latest exam information, check the IBM Software 
Services for Lotus Certification Web page at http://www.lotus.com/certification. 


Step 4: Use all available resources 


We recommend using a range of resources when preparing to take an exam. 

The following table describes the types of resources available to prepare for 
certification exams. For a listing of resources specific to each exam, use the Exam 
Preparation Chart. 


| Resource | Brief Description | Where to Find Resource |
|---|---|---|
| Exam guides | Complete version includes certification titles and paths, sample questions, and registration information. | Complete version is available on the IBM Software Services for Lotus Certification Web page at http://www.lotus.com/certification. |
| Lotus authorized courses | Offered at Lotus Authorized Education Centers (LAECs) and IBM Software Services for Lotus locations worldwide. | A complete list of courses and LAECs is available on the IBM Software Services for Lotus Education Web page at http://www.lotus.com/education. |
| CBT programs | Used as an alternate learning tool and/or supplement to courses. | Additional information is available at The Education Store on the IBM Software Services for Lotus Education Web page at http://www.lotus.com/education. |
| Practice tests | Available from a variety of vendors. Visit the individual exam preparation page to determine what practice tests are available for a specific exam. | Available from the IBM Software Services for Lotus Certification Web page at http://www.lotus.com/certification. |
| Online learning | May include additional items such as Learner-Directed Offerings from Lotus software and/or authorized course in LearningSpace. | Learner-Directed Offerings from IBM Software Services for Lotus are available at http://www.lotus.com/education. The Notes.net Web site at http://www-10.lotus.com/ldd/lbytes.nsf. See the complete Exam Preparation Chart for any additional online learning. |
| Yellowbooks | Official Lotus product documentation. | Additional information available at The Education Store on the IBM Software Services for Lotus Education Web page at http://www.lotus.com/education. |
| Redbooks | Technical cookbooks that address topics that the reference manuals may not cover. | Ordering information is available at http://www.lotus.com/home.nsf/welcome/redbook. |


Preparing for the Notes Domino 6: Building the 
Infrastructure exam 


The following materials are available for the Notes Domino 6: Building the 
Infrastructure exam: 

■ Experience 

■ Exam Guide 

■ Administering IBM Lotus Domino 6: Building the Infrastructure 

■ Domino 6 Help files 

For the most up-to-date resource listing for this exam, visit the IBM Software 
Services for Lotus Certification Web page at http://www.lotus.com/certification. 

Learning Processes and Conventions 


Icon Quick Reference 


The following are brief descriptions of each of the learning process icons used in 
this course. 



Assessment 



Provides feedback to both the student and instructor and can be formal or 
informal. Assessments can be collected and graded or assessment answers are 
provided. 



Case study 


Exercises for discovery and exploration in advanced technical courses that focus 
on problem solving. These have no “right” answer. The solution is a set of pros 
and cons and a recommended answer. 


Exercises 


Problem-solving learning processes in which students are given a set of criteria 
that they use to develop a working solution. 

There are two types of exercises: online and paper-based. The following two 
items show the icons that would accompany each. 



Online exercise 


Students complete the exercise using the computer. 



Paper-based exercise 

Students complete the exercise using paper and pencil. 


Guided Practice 


Student-centered learning process that allows students to learn by performing a 
task. Guided Practices can be instructor-led or self-paced. 



Procedure 


Generic step-by-step instructions that explain how to perform a task. These are 
always presented in a table format. 



Review 


Reiterates main concepts and can be used to gain feedback, assess learning, 
review critical material, or to transition from one unit to another. 

Learning Conventions 


Conventions are rules that govern how to display specific types of information. 
The following are learning conventions that may be used within this courseware. 


Caution: Cautions are short, descriptive paragraphs meant to warn of potential 
pitfalls or areas where students could experience problems during class 
or back on the job. 

Note: Notes may appear in the Student Guide and can be used to note 
differences in content. 

Tip: Tips provide additional guidance, or a hint, for students about a topic or task. 

Lesson 1 ■ Using a Deployment Plan 



Using a Deployment Plan 


Planning is a critical step in the process of implementing an IBM Lotus Notes and 
Domino environment. 

Worldwide Corporation has decided to use Notes and Domino as their 
international standard for messaging and collaboration. Worldwide has gone 
through extensive planning to determine their mail and application requirements 
and to identify how Notes and Domino can accommodate those requirements. 

As a result of their planning, Worldwide has designed a deployment plan to 
describe how they will implement Notes and Domino throughout the corporation. 

This lesson covers basic guidelines and considerations to use when planning a 
Notes and Domino implementation and introduces Worldwide’s deployment plan 
and implementation checklist. 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Identify basic planning considerations and guidelines. 
✓ Identify the process for implementing a Domino infrastructure. 

Planning Considerations 

When planning a Domino infrastructure: 

■ Determine the business problems to be addressed. 

■ Examine the organizational structure. 

■ Design the Domino environment around the organizational structure. 

The Domino infrastructure should enhance and support the organizational 
structure. 



Checklist: Planning the Domino environment 


Worldwide Corporation used the following checklist to plan their infrastructure. 



|  | Task | Procedure |
|---|---|---|
| □ | 1 | Identify structure of organization. |
| □ | 2 | Create planning team. |
| □ | 3 | Identify tracking mechanism. |
| □ | 4 | Define the business problem. |
| □ | 5 | Identify how Domino can address the business problem. |
| □ | 6 | Identify access needs. |
| □ | 7 | Identify hardware requirements (site map). |
| □ | 8 | Identify server roles. |
| □ | 9 | Select location for servers. |
| □ | 10 | Identify network protocol(s) and networking changes. |
| □ | 11 | Choose replication topology. |
| □ | 12 | Identify directory strategy. |
| □ | 13 | Select mail routing strategy. |
| □ | 14 | Develop naming scheme. |
| □ | 15 | Define security. |
| □ | 16 | Determine server configurations. |
| □ | 17 | Determine client configurations. |
| □ | 18 | Determine rollout strategy. |
| □ | 19 | Determine education strategy. |

Planning Guidelines 

Several areas need to be considered when planning a Domino infrastructure. It is 
important to determine and follow guidelines to ensure that all tasks are properly 
carried out. 


Guidelines for planning tasks 


The following table provides some guidelines for planning tasks. 


Task: Identify structure of organization: 
■ Examine current structure. 
■ Validate with upper management. 
■ Design Domino infrastructure around organization. 

Guidelines: Determine: 
■ Geographic layout of the organization 
■ Mobile considerations 
■ Number of users and where they are located 
■ Business model 
■ Work environment 
■ Infrastructure 
■ Communication 
■ Future plans 
■ Key departmental considerations 
■ Decision makers 

Task: Create planning team. 

Guidelines: 
■ Identify the decision makers (based on size of company, will be different roles). 
■ Identify the skills required to design the Domino infrastructure. 
■ Assign individuals/job titles to the skills. 
■ Identify gaps in skills and/or human resources. 
■ Ensure approval from upper management. 

Task: Identify tracking mechanism to: 
■ Record planning progress. 
■ Allow adjustment of goals as necessary. 
■ Keep users informed. 
■ Serve as a project management tool. 

Guidelines: Identify: 
■ The types of information to track, for example: 
    ■ Dates 
    ■ Timelines 
    ■ Budget 
■ How the information will be used 
■ Who will contribute to it 
■ How it will be updated and managed 
■ Suggested tracking mechanisms, such as: 
    ■ Domino Web application located on a test server 
    ■ Existing project management software 


Task: Define the business problem. 

Guidelines: Typical business problems include: 
■ Knowledge management 
■ Process 
■ Communication 
■ Extended enterprise 

Task: Identify how Domino can address the business problem. 

Guidelines: Basic Domino solutions include messaging and/or workflow: 
■ E-mail/PIM 
■ Broadcast/Reference 
■ Discussion 
■ Tracking/Workflow 

Task: Identify access needs. 

Guidelines: Identify: 
■ Current and future user information access requirements 
■ User location access requirements 
■ Domino hardware requirements 
■ Changes to existing hardware based on user needs and Domino requirements 

Task: Identify hardware requirements (site map). 

Guidelines: 
■ Identify factors affecting hardware infrastructure, such as budget and expertise. 
■ Determine operating system(s) for Domino servers. 
■ Identify Domino specifications. 
■ Determine need for clustering and/or partitioned servers. 
■ Determine backup strategy. 
■ Identify current hardware infrastructure (create a site map). 
■ Determine changes to current hardware infrastructure to support Domino. 


Task: Identify server roles. 

Guidelines: 
■ Determine the roles of Domino servers based on the business problem, for example: 
    ■ Mail 
    ■ Application/Web 
    ■ Hub 
    ■ Communication 
    ■ Certificate Authority 
    ■ Firewall 

Task: Select location for servers. 

Guidelines: 
■ Assign roles to servers in locations based on: 
    ■ Organizational structure 
    ■ Business problem(s) 
    ■ User needs 
    ■ Hardware requirements 
■ Update the site map by specifying which servers belong in each location. 

Task: Identify network protocol(s) and networking changes. 

Guidelines: Identify network connections based on: 
■ Network protocols (recommended protocol TCP/IP) 
■ Network traffic (LANs and WANs) — amount of bandwidth needed depends on: 
    ■ The amount of mail traffic and database replication 
    ■ How traffic is routed (shared applications on the same network) 
    ■ Clustering, if clustered servers are implemented 
■ Domino Named Networks, including: 
    ■ Connection types (protocols available, bandwidth) 
    ■ Time zones (when does replication occur?) 
■ Which workgroups exist in multiple sites and are dependent on each other for information? 
■ What is the level of urgency for data within an application that is replicated between servers? 
■ Who communicates with whom most often? 
■ What dialup connectivity is required? 



Task: Choose replication topology. 

Guidelines: 
■ Identify who needs access to what information and when. 
■ Identify where to put applications to be replicated. 
■ Determine how and when replication occurs. 
■ Use Hub and Spoke topology when possible to maximize server resources. 
■ Use dedicated replication hubs where possible. Use Pull/Push replication from the hubs. 
■ Create a replication map that shows which servers replicate with each other, the frequency of replication, and any restrictions that are in place. 
■ Place applications in geographic locations by workgroups. 

Task: Identify directory strategy. 

Guidelines: 
■ Identify domain or domains. 
■ Define directory structure by domain. 
■ Identify how the Domino Directories will be used. 
■ Identify the external directories that will be accessible to Domino users. 
■ Determine whether to use Central Directory (for better performance and efficiency). 
■ Determine whether to use Directory Catalogs (for mobile users). 

Task: Select mail routing strategy. 

Guidelines: 
■ Identify mail clients. 
■ Identify which mail routing protocol or protocols to use based on client types. 
■ Determine message format based on client types. 
■ Decide on security mechanism(s). 
■ Determine how mail is routed using a topology map. 

Task: Develop naming scheme. 

Guidelines: Determine Organizational Units based on: 
■ Location 
■ Departments 
■ Workgroups 

Server’s common name should: 
■ Be a short, descriptive name. 
■ Contain an abbreviation for the region where it resides. 
■ Not contain any spaces. 
■ Be easily expandable. 
■ Be easily recognizable for the tasks the server performs. 



Task: Define security. 

Guidelines: Secure the following: 
■ Workspace 
■ Network 
■ Server 
■ Workstation 
■ Applications 

Task: Determine server configurations. 

Guidelines: Consider standardizing the following for Domino servers: 
■ File directory structure 
■ Database location 
■ Database size quotas 
■ Domino server types based on the server role 
■ Notes client types based on users’ job responsibilities 
■ Use of the same release of Domino server software throughout the organization 

Task: Determine client configurations. 

Guidelines: 
■ Identify Domino client types. 
■ Identify non-Domino client configurations. 
■ Identify user mail configurations. 

Task: Determine rollout strategy. 

Guidelines: 
■ Identify project milestones and deadlines. 
■ Identify who is responsible for project milestones. 

Task: Determine education strategy. 

Guidelines: 
■ Identify training resources for technical users. 
■ Identify training resources for end users. 

Worldwide’s Deployment Plan 

The complete Worldwide Corporation Infrastructure Plan appears in Appendix B: 
Worldwide Corporation Infrastructure Plan. The deployment plan includes three 
regions for implementation: 

■ Headquarters (Corporate) 

■ East 

■ West 


Classroom implementation 


This course implements the basic infrastructure based on the deployment plan. 
The Domino and Notes components for the three regions appear in the following 
completed classroom diagram. 


[Classroom diagram: Mail Routing. The diagram is labeled Doctor Notes/WWCorp and shows two Domino Named Networks (DNNs): 
■ DNN: WWCorpEast, with servers East01/SVR/WWCorp through East06/SVR/WWCorp and workstations Admin East01 through Admin East06 
■ DNN: WWCorpWest, with servers West01/SVR/WWCorp through West06/SVR/WWCorp and workstations Admin West01 through Admin West06] 

Diagram legend: 

Hub server: Replicates databases, routes Internet and intranet mail. 

Mail server: Stores mail files, routes mail to the hub server and other mail 
servers in the Domino Named Networks. 

Implementation Checklist 


This course implements a subset of Worldwide Corporation’s deployment plan. 



Checklist: Building the Domino environment 


This course implements the following tasks from Worldwide Corporation’s 
deployment plan. 



|  | Task | Procedure |
|---|---|---|
| □ | 1 | Set up the first server. |
| □ | 2 | Add an administrator’s workstation. |
| □ | 3 | Set up access to the Domino Directory. |
| □ | 4 | Add Domino servers. |
| □ | 5 | Add Organizational Units. |
| □ | 6 | Register administrators. |
| □ | 7 | Add Notes clients. |
| □ | 8 | Create user groups. |
| □ | 9 | Create organizational policy. |
| □ | 10 | Register users. |
| □ | 11 | Set administration preferences. |
| □ | 12 | Set up access to servers. |
| □ | 13 | Set up server logging. |
| □ | 14 | Synchronize Domino system databases throughout the domain. |
| □ | 15 | Route mail internally. |
| □ | 16 | Route mail to the Internet. |
| □ | 17 | Set mail controls. |
| □ | 18 | Test mail routing and delivery. |

Setting Up the First Server and Administrator 


The administrators for Worldwide Corporation will begin implementation with the 
first Domino server. The following components result from setting up the first 
server, which will be used to implement the rest of the plan: 

■ Organization certifier 

■ Server name 

■ Administrator’s name 

■ Directory of resources in the domain 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Install the Domino server software. 
✓ Install the Domino Administrator client software. 
✓ Set up the first Domino server. 
✓ Set up the Domino Administrator client. 
✓ Create a database to track Domino and Notes registration. 

Lesson 2 ■ Setting Up the First Server and Administrator 


Choosing the Domino Server Installation Type 

To ensure installation of the appropriate server software, administrators must 
select the server type at installation. 


Domino server installation types 


The following table outlines the three Domino server installation types. 


Server Type: Domino Utility server 

Function: 
■ Application services only 
■ Support for Domino clusters 
Note: This does not include support for messaging services. 

Server Type: Domino Messaging server 

Function: 
■ Messaging services 
Note: This does not include support for application services or Domino clusters. 

Server Type: Domino Enterprise server 

Function: 
■ Both messaging and application services 
■ Support for Domino clusters 

Note: All three server types support Domino partitioned servers. 

Classroom server installation types 

This lesson covers installing and setting up the first server in the Domino 
environment. A subsequent lesson covers setting up all other servers in the same 
domain. We will select Domino Enterprise server as the installation type to allow 
for all possible configurations. 


Domino partitioned servers 


The installation presents an option for Partitioned Server Installation. This 
option allows an administrator to install and configure more than one Domino 
server on the same machine. Worldwide Corporation has chosen to dedicate a 
machine to each server, so we will leave this checkbox deselected during 
installation of the classroom servers. 

Installing the Domino Server Software 

Installing the Domino server software copies executables, database templates, 
and other files to the hard drive. On Microsoft® Windows® platforms, the 
installation also creates registry entries. 



Install the Domino server software 


Follow these steps to install the Domino Enterprise server software. 


Step 1: Run the Domino 6 server installation executable, Setup.exe, from the 
location provided by the instructor. 

Step 2: On the Welcome screen, click Next. 

Step 3: Click Yes to agree with the terms of the License Agreement. 

Step 4: On the next screen, enter the following information: 
■ Name: Enter your name. 
■ Company name: Enter WWCorp. 
■ Ensure that Partitioned Server Installation is deselected. 
Then, click Next. 

Step 5: On the next screen, select the following folders: 
■ Program folder: drive:\Domino 
■ Data folder: drive:\Domino\data 
where drive is provided by the instructor. 
Then, click Next. 

Step 6: Select Domino Enterprise server, and click Next. 

Step 7: Accept the default Program Folder, Lotus Applications, in which to include 
the Domino 6 menu item, and click Next to begin copying files. 

Step 8: Click Finish to complete the installation. 

Installing the Workstation Software 

Administrators require a client to administer the Domino servers. Worldwide 
administrators will use the Domino Administrator client to perform all 
administrative tasks. 


Classroom Scenario: To provide all students with a comprehensive hands-on 
experience, we have designed this course so that students administer their own 
servers. To accommodate this, you will run the client and server software on 
the same machine. The Domino server and Notes client software support this 
configuration provided that the server and client software is installed in 
separate directories on the machine. While we recognize that this is not an 
optimal nor a recommended configuration to deploy in a "real world" 
environment, we use this environment in the classroom to provide students with 
the experience of administering their own servers. 



Client installation types 


The workstation installation offers three Notes-based clients. 


| Client Type | Purpose |
|---|---|
| Notes | An interface for working with Notes databases and Internet data. |
| Domino Administrator | An interface for administering Domino systems. |
| Domino Designer | An interface for adding functionality to new or existing databases. |


Note: Selecting either the Domino Administrator client or the Domino Designer 
client also installs a Notes client. 

Can multiple users share a Notes workstation? 


Many environments require different users to share programs on a workstation. 
The Notes workstation installation offers a multi-user option so that multiple users 
can share a Notes client, with each user maintaining a separate environment. 
There are two considerations: 

■ The operating system must support multiple user profiles. 

■ The Domino Designer client and the Domino Administrator client do not 
support multi-user. 

Worldwide Corporation has chosen not to implement multi-user workstations, so 
we will leave this option deselected during installation of the classroom 
workstations. For more information on multi-user workstations, refer to the 
Domino Administrator 6 Help. 


Install the Domino Administrator client software 


Follow these steps to install the Domino Administrator client software on 
designated workstations in the classroom. 


Step  Action
1     Run the Notes 6 client installation executable, Setup.exe, from the location
      provided by the instructor.
2     On the Welcome screen, click Next.
3     Select I accept the terms in the license agreement, and click Next.
4     On the next screen, enter the following information:
      ■ User Name: Enter your assigned user name.
        For example, enter Admin East01.
      ■ Organization: Enter WWCorp.
      Then, click Next.
5     Select the following folders:
      ■ Install program files to the drive:\Notes directory.
      ■ Install data files to the drive:\Notes\data directory,
        where drive is provided by the instructor.
      Then, click Next.
6     On the Custom Setup screen, click Domino Administrator, and select This
      feature, and all subfeatures, will be installed on local hard drive.
      Click Next to install the default client components.
7     Click Install to begin copying files.
8     Click Finish to complete the installation.
What Is First Server Setup? 


After installing the server software, an administrator must launch the server to 
configure it. First server setup creates the Domino environment to which other 
servers and users are added. 


What first server setup accomplishes 


The first server setup program creates the components described in the following 
table. 


Component                                    Stored In
A Domino Directory for the new domain        The server’s data subdirectory, as
                                             Names.nsf
An organization certifier for the            ■ Cert.id file in the Domino server’s data
organization                                   subdirectory
                                             ■ Certifier document in the Domino
                                               Directory
(Optional) An organizational unit certifier  ■ Oucert.id in the data subdirectory.
                                             ■ Certifier document in the Domino
                                               Directory
A server document for the server             The Domino Directory
A server ID stamped by the organization’s    The Server document and/or the server’s
certifier                                    data subdirectory
A Person document for the administrator      The Domino Directory
The administrator’s ID stamped by the        The Person document and/or the server’s
organization’s certifier                     data subdirectory


Illustration of components 


The following figure illustrates the components in the preceding table. 


[Figure: Components from First Server Setup. Labels: File System (Cert.id, Server.id, User.id, Oucert.id (optional)); Database (NSF) Names.nsf (Certificate(s), Configuration, Connections, Domain, Groups, Mail-in database, Person, Program, Server, Policies).]


Administering IBM Lotus Domino 6: Building the Infrastructure 


Lesson 2 ■ Setting Up the First Server and Administrator 




The Domino Directory 


The Domino Directory is the most important database in the Domino environment. 
It contains information about all Domino resources and how the resources 
function. Each additional server in the domain has a replica of the Domino 
Directory. 


Replicas of the Domino Directory 


The following diagram represents Domino Directories on different servers. The 
arrows represent replication, keeping the information synchronized. 
Worldwide’s Domain 


Although it is possible to have more than one domain within a company, 
Worldwide Corporation has decided to use a single domain named WWCorp. 


Classroom Domino domain 

Classroom Scenario 

Worldwide’s choice to use a single domain: 

■ Simplifies the process of addressing mail. 

■ Optimizes mail routing. 

■ Is easier to maintain than multiple domains. 

Note: The domain name should be a single word, made up of only alphabetic 
(A-Z) or numeric (0-9) characters. 



When to use multiple domains 


Large enterprise corporations might consider defining regions or countries as 
separate domains in order to keep the Domino Directory manageable for 
administrators, to facilitate name lookup, and to maintain good server 
performance. 

Tip: Consider placing Web servers accessible via the Internet in a separate 
domain to maintain a secure environment. 


What is the difference between a domain and an 
organization? 


Note the following differences: 

■ A Domino domain is the collection of Domino servers and users that share the 
same Domino Directory. 

■ A Domino organization is defined by the certifier that stamps the IDs of users, 
servers, and other certifiers. There is a trust relationship within the 
organization so that users and servers can communicate and share data. The 
organizational certifier provides security and uniformity in naming of users and 
servers. The certifier name is part of the hierarchical name of all users and 
servers in the organization. 
Server Setup Program Choices 

For convenience, the server setup program offers the ability to select Internet 
protocols that will load automatically at server startup. These can be configured 
later if not selected at server setup. 


Types of server audiences 


The audience selected during server setup determines the server tasks that will 
run on the Domino server to accommodate the type of users who will access the 
server. The following table describes the types of server audiences. 


Server Audience          Description
Web browsers             For Web browsers, such as Microsoft Internet Explorer and
                         Netscape Navigator®, to access data on the server.
Internet mail packages   For Internet mail clients using the following protocols to
                         access mail on the server:
                         ■ POP3 (Post Office Protocol 3)
                         ■ IMAP (Internet Message Access Protocol)
                         ■ SMTP (Simple Mail Transfer Protocol)
Directory Services       For clients using LDAP (Lightweight Directory Access
                         Protocol). The LDAP task starts automatically on the
                         administration server of the Domino Directory.


Security options and administrators group 


The server setup program contains options for adding entries to ACLs. 

■ The option for Prohibit anonymous access adds an ACL entry called 
Anonymous to all databases, and gives it the No Access ACL setting. 

■ The option to create a LocalDomainAdmins group gives some or all 
administrators Manager access to all databases. This is accomplished as 
follows: 

■ A group named LocalDomainAdmins is created in the Domino Directory 
and is given Manager access to all databases created on the server. 

■ The first server’s administrator is added to LocalDomainAdmins during 
first server setup. Other administrators can be added to the group later. 

How to Set Up the First Domino Server 

The first step in creating the Domino environment is to set up the first server. 

Setting up and launching the first server 


Follow these steps to set up the first server. 


Step  Action
1     Launch the Domino server to run the setup program. From Windows, choose
      Start -> Programs -> Lotus Applications -> Lotus Domino Server.
      Note: Options for accessing the Domino Server Setup program vary by
      platform, and are covered in the appropriate installation guide.
2     On the Welcome screen, click Next.
3     Select Set up the first server or a stand-alone server, and click Next.
4     Enter the following information:
      ■ The designated name of the server.
      ■ (Optional) Enter a title. For example, enter a description of the server’s
        purpose.
      ■ (Optional) Select I want to use an existing server ID file, to use a server
        ID file from a previous installation.
      Then, click Next.
5     Enter the following information for the organization:
      ■ Organization name: Enter the designated organization name.
      ■ Organization Certifier password: Enter the designated organization
        password for the organization’s certifier ID file.
      ■ Confirm password: Enter the same password.
      ■ (Optional) Select I want to use an existing certifier ID file, to use an
        organization certifier ID file from a previous installation.
      ■ (Optional) Click Customize and enter the following information:
        ■ Organizational Unit name: The designated organizational unit name.
        ■ Org. Unit Certifier password: Enter the designated password for the
          organizational unit’s certifier ID file.
        ■ Confirm password: Enter the same password.
        ■ (Optional) Select I want to use an existing organizational unit
          certifier ID file, to use an organizational unit certifier ID file from a
          previous installation.
        ■ (Optional) Select a country code.
        ■ Click OK.
      Then, click Next.




6     Enter the designated domain name, and click Next.
7     Provide the following information about the administrator of the server:
      ■ Enter the designated first and last names of the administrator.
      ■ Enter the administrator’s password and confirm the password.
      ■ (Optional) Select Also save a local copy of the ID file.
      ■ (Optional) Select I want to use an existing Administrator ID file, to use
        an administrator ID file from a previous installation.
      Then, click Next.
8     Select the appropriate Internet service types, or click Customize to select
      individual services.
      Click OK, then, click Next.
9     (Optional) For Domino Network settings, click Customize to make the
      following types of changes, if required:
      ■ Deselect network ports that will not be used with this Domino server.
      ■ For each port Domino will use:
        ■ Select Encrypt if all network data sent by the server should be
          encrypted to render the data unreadable to someone with a network
          sniffer.
        ■ Select Compress if all network data sent by the server should be
          compressed to improve performance in a saturated or low-bandwidth
          network.
      ■ Change the fully qualified Internet host name if required.
      Click OK, then, click Next.
10    (Optional) Deselect security options if needed, and click Next.
11    Review the selections, and click Setup.
12    Enter password(s), if prompted.
13    When setup is complete, click Finish.
14    Launch the Domino server. From Windows, choose
      Start -> Programs -> Lotus Applications -> Lotus Domino Server.


Protecting the Certifier ID 


Caution 

A person with access to the organization certifier ID file and its password 
has the ability to change the entire organization’s hierarchy. Carefully 
consider and plan access to this file. 



Secure the organization certifier ID file 


The organization certifier ID (Cert.id) does not need to remain in the Domino\data 
subdirectory. Leaving it there could be a security risk if unauthorized users gain 
access to the server machine. Move the Cert.id file from the Domino\data 
subdirectory on the first Domino server to a secure area, such as on a diskette 
stored in a locked cabinet. 

For additional security, consider requiring multiple passwords to access the 
organization certifier ID. 
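
A check an administrator could run to confirm that certifier IDs no longer sit in a server's data directory. This is an added example, not part of the course material; the function name and verdict strings are hypothetical, matching is by file name only, and treating Oucert.id the same way as Cert.id is an assumption of the example.

```python
from pathlib import Path

# File names the course text gives for certifier IDs (matched case-insensitively).
CERTIFIER_NAMES = {"cert.id", "oucert.id"}


def audit_id_files(data_dir):
    """List ID files under a Domino data directory and flag certifier IDs.

    Returns (relative_path, verdict) tuples sorted by path. Only the file
    name is inspected, so a renamed certifier ID is reported as 'review'
    rather than 'certifier'.
    """
    root = Path(data_dir)
    if not root.is_dir():
        raise NotADirectoryError(str(root))

    findings = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() != ".id":
            continue
        name = path.name.lower()
        if name in CERTIFIER_NAMES:
            verdict = "certifier: move to secure storage"
        elif name == "server.id":
            # The server needs its own ID file to start.
            verdict = "expected: server ID"
        else:
            verdict = "review: unidentified ID file"
        findings.append((path.relative_to(root).as_posix(), verdict))
    return sorted(findings)


if __name__ == "__main__":
    import sys

    # Usage: python audit_ids.py <path to the Domino data directory>
    for rel_path, verdict in audit_id_files(sys.argv[1]):
        print(f"{rel_path}: {verdict}")
```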


Alternative to using the certifier ID file and password 


The server-based Certification Authority (CA) allows selected administrators to 
perform registration tasks without access to a certifier ID file and password. This 
enables registration of Notes users from a Web browser, using the Domino Web 
Administrator client, as well as from the Domino Administrator client. For more 
information about the server-based CA, refer to the Domino Administrator 6 Help. 


Classroom Scenario 

Worldwide Corporation will distribute certifier ID files instead of using the 
server-based CA for registration of Notes users. 
Worldwide’s Organizational Structure 

Worldwide Corporation’s deployment plan divides /WWCorp into three 
organizational units. 


Classroom organizational implementation 



Classroom Scenario 


Worldwide Corporation is using the following organizational structure: 

■ The organization certifier is /WWCorp. 

■ All servers will be in an organizational unit named /SVR/WWCorp. 

■ Users will be in one of the following organizational units: 

   ■ /East/WWCorp 

   ■ /West/WWCorp 


Worldwide’s certifiers 


The following diagram represents the certifiers in Worldwide’s Domino 
organization hierarchy. The organization certifier is /WWCorp and the three 
organizational unit certifiers are descendants of /WWCorp. 


What purposes can organizational units serve? 


Dividing an organization into organizational units (OU) allows for: 

■ Management by region or division. For example, database ACLs can specify 
different privileges for each OU. 

■ Separation of servers from users. For example, an administrator can easily: 

■ Cross-certify the OU containing all servers with another organization. 

■ Not cross-certify users with the other organization. 

■ Unique names for users who have the same common name. 


Are organizational units required? 


A company may choose not to use organizational units. There are methods that 
serve similar purposes for those Domino environments: 

■ Group documents can enable management of subsets of the population. For 
example, a group document can contain all people in the East division. 

■ In smaller organizations, servers may not need to be separated from users. 

■ Differentiating two users who have the same first and last name and need to 
be certified by the same certifier can be accomplished in two ways: 

■ The middle initial can be included as part of the common name. 

■ The user registration dialog has an option to create a unique 
organizational unit. This adds an OU component to the user name, but the 
OU name does not really exist as a separate certifier. 


Naming Requirements for an organizational unit 


The organizational unit name can be a maximum of 32 characters and may 
include alphabetic characters (A - Z), numbers (0 - 9), and the ampersand (&), 
dash (-), period (.), space ( ), and underscore (_). For information on naming 
requirements for this and other Domino components, refer to the Domino 
Administrator 6 Help document titled Table of Naming Requirements. 

Note: The space character is not recommended because programs other than the 
Notes client may not allow spaces. 
Worldwide’s Hierarchical Naming Scheme 

Each server and user is certified by a certifier. Worldwide will use certifier names 
that: 

■ Indicate the region where the users work. 

■ Indicate that servers are separate from users. 


Organizational hierarchy 


The following diagram displays Worldwide’s Domino organizational hierarchy and 
the users and servers certified by each certifier. 


How does an organization offer security? 


All users and servers within the /WWCorp hierarchy will be able to authenticate 
with each other. For example, when a user opens a database on a server, the user 
and server will check each other’s certificates to verify that they are both 
descendants of the /WWCorp certifier. If so, the user database will open unless 
another security measure restricts access. 


What are descendants? 


The deployment plan calls for setting up one organization hierarchy. Therefore, all 
names are descendants of the /WWCorp organization certifier. 

■ Certifier IDs stamp server, user, and other certifier IDs with their certificates. 
The /WWCorp organization certifier stamps one entity, the user Doctor Notes. 

■ The /WWCorp certifier stamps the following OU certifiers which will stamp the 
IDs for other users and servers: 

■ /SVR 

■ /East 

■ /West 


Can different organizations authenticate with each other? 


If Worldwide Corporation merges with another company, for example, Acme 
Corporation, the Notes and Domino infrastructures would not be able to 
communicate without administrative intervention. Administrators can perform a 
technique called cross-certification to establish trust between the two Domino 
organizations. Refer to the Domino Administrator 6 Help for more information 
about cross-certification. 
Naming Options for Regions 


Domino offers flexibility in organizational naming schemes. Organizations should 
carefully consider the best naming scheme before first server setup. 


Are country codes needed? 


In an international organization, using country codes requires creating multiple 
organization certifiers (one for each country code). For example, if Worldwide 
Corporation chose to use country codes for branches in the US, Great Britain, and 
Brazil, there would be three organizations: 

■ /WWCorp/US 

■ /WWCorp/GB 

■ /WWCorp/BR 

Note: Using country codes increases administrative work. The following section 
describes an alternative to using country codes. 


Recommendations for organizational units 


Use the following guidelines for deciding on organizational units: 

■ As an alternative to using country codes, use the first OU level to designate 
the country, for example, /US/WWCorp. 

■ Use the second OU level for region or department names to further distinguish 
users, for example: 

■ /East/GB/WWCorp, or 

■ /ISS/GB/WWCorp 

■ A hierarchical name can be comprised of up to four organizational units. 
However, in general, do not use more than three organizational units. 
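
The naming rules above (OU length and character set, the four-OU limit, country codes creating separate organizations) and the earlier description of names as descendants of one organization certifier can be checked against a planned naming scheme before first server setup. The following is an added example, not part of the course material: the function names are hypothetical, the caller supplies which trailing components count as country codes, and the check works on names only, whereas Notes and Domino authenticate by validating the certificates stored in ID files.

```python
import re

# Rules quoted from the course text (function names are this example's own).
OU_RE = re.compile(r"[A-Za-z0-9&\-. _]{1,32}")   # OU: max 32 chars, limited set
DOMAIN_RE = re.compile(r"[A-Za-z0-9]+")           # domain: one alphanumeric word
MAX_OUS, RECOMMENDED_OUS = 4, 3


def parse_name(name, country_codes=frozenset()):
    """Split an abbreviated hierarchical name: [CN]/OU.../O[/C].

    A leading slash marks a certifier name (no common name), the way the
    text writes /WWCorp or /East/WWCorp. The last component is treated as
    a country code only if the caller lists it in country_codes (assumption).
    """
    name = name.strip()
    is_certifier = name.startswith("/")
    parts = [p.strip() for p in name.strip("/").split("/")]
    if not all(parts):
        raise ValueError(f"empty component in {name!r}")
    country = None
    if len(parts) > 1 and parts[-1].upper() in country_codes:
        country = parts.pop().upper()
    cn = None if is_certifier else parts.pop(0)
    if not parts:
        raise ValueError(f"{name!r} has no organization component")
    return {"cn": cn, "ous": parts[:-1], "org": parts[-1], "country": country}


def check_name(name, country_codes=frozenset()):
    """Return (errors, warnings) for the OU rules the text states."""
    n = parse_name(name, country_codes)
    errors, warnings = [], []
    for ou in n["ous"]:
        if not OU_RE.fullmatch(ou):
            errors.append(f"OU {ou!r}: over 32 characters or disallowed character")
        elif " " in ou:
            warnings.append(f"OU {ou!r}: spaces are not recommended")
    if len(n["ous"]) > MAX_OUS:
        errors.append(f"{len(n['ous'])} OUs: the maximum is {MAX_OUS}")
    elif len(n["ous"]) > RECOMMENDED_OUS:
        warnings.append(f"{len(n['ous'])} OUs: more than {RECOMMENDED_OUS} is discouraged")
    return errors, warnings


def certifier_chain(name, country_codes=frozenset()):
    """Certifier names above an entity, nearest first, organization last."""
    n = parse_name(name, country_codes)
    levels = n["ous"] + [n["org"]]
    suffix = f"/{n['country']}" if n["country"] else ""
    return ["/" + "/".join(levels[i:]) + suffix for i in range(len(levels))]


def same_organization(a, b, country_codes=frozenset()):
    """Name-level model of 'both are descendants of the same organization
    certifier'. Case-insensitive comparison is an assumption of this sketch."""
    root_a = certifier_chain(a, country_codes)[-1]
    root_b = certifier_chain(b, country_codes)[-1]
    return root_a.casefold() == root_b.casefold()


def valid_domain(name):
    """Domain names: a single word of letters and digits."""
    return DOMAIN_RE.fullmatch(name) is not None


if __name__ == "__main__":
    codes = frozenset({"US", "GB", "BR"})
    # Constructed sample names based on the classroom scheme.
    for sample in ["East03/SVR/WWCorp", "Admin East01/East/WWCorp",
                   "Jo Smith/East Coast/GB/WWCorp", "Jo Smith/WWCorp/GB"]:
        print(sample, certifier_chain(sample, codes), check_name(sample, codes))
    print(same_organization("Admin East01/East/WWCorp", "Hub/SVR/WWCorp"))
    print(same_organization("Jo Smith/WWCorp/US", "Hub/WWCorp/GB", codes))
```

With country codes, /WWCorp/US and /WWCorp/GB come out as different organizations, which is why the text recommends a first-level OU such as /US/WWCorp instead.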
Setting Up a Workstation 


Once the Notes workstation software is installed, a user runs the workstation 
setup program to configure it appropriately. The workstation setup program 
configures the workstation and connects it to the Domino intranet. The setup 
program will: 

■ Connect to the specified server, which must contain a Person document for 
the user. 

■ Download the ID file if stored in the user’s Person document. 

■ Create the user’s Personal Address Book locally. 

■ Set up bookmarks for the user’s mail file and Personal Address Book, and 
other databases specified in setup settings of policies. 

■ Create documents in the Personal Address Book. 



Setting up the first workstation 


Follow these steps to configure a Notes workstation. 


Step  Action
1     Launch Domino Administrator to start the setup program.
      From Windows, choose Start -> Programs -> Lotus Applications -> Lotus
      Domino Administrator.
2     Click Next on the Welcome screen.
3     Enter the following information on the User Information screen:
      ■ Your Name: The name of the user created during first server setup
      ■ Domino Server: The hierarchical name of the first server
      ■ Select I want to connect to a Domino server.
      Then, click Next.
4     Enter the password for the user, and click OK.
5     (Optional) Select Internet clients and proxy servers as required.
6     To confirm LAN connection setup is complete, click Next.
7     When setup is complete, click OK.


Results: The Domino Administrator client appears and also displays two other 
screens that can be closed: 

■ The Welcome screen can be closed temporarily or permanently. 

■ The Domino Directory Profile appears after the first opening of the Domino 
Administrator on the first server. This profile contains advanced options and 
can be edited now, or later from the Actions menu. 
Tracking Notes and Domino Certified Users 


A server used for registering and managing users should have a database called 
the Certification Log. The file name must be Certlog.nsf. 


What is the Certification Log? 


The Certification Log (Certlog.nsf) maintains a record of each use of a certifier 
to register a user, or another certifier. The information includes: 

■ Name, license type, and ID number for the registered user, server, or certifier. 

■ Date of certification and expiration. 

■ Name, license type, and ID number of the certifier ID used to certify the new 
ID. 

Tip: Use one Certification Log for the organization. First server setup 
automatically creates the Certification Log on the first server. Create a replica of 
the Certification Log on each additional server that will be used to register and 
manage users. The file name of each replica must also be Certlog.nsf. 


The License tracking database 


An administrator may also choose to monitor the number of active users within a 
Domino domain. The License Tracking database serves this purpose. For more 
information, refer to the Domino Administrator 6 Help document titled License 
Tracking. 


The Domino Server Log 


Every Domino server has a Domino Server Log (Log.nsf) that reports all server 
activity and provides detailed information about databases and users on the 
server. The server log file: 

■ Can be configured to report the desired level of detail about server activity. 

■ Is created automatically when a server is started for the first time. 
Assigning Roles to Administrators 


Having Manager access to the Domino Directory’s ACL enables editing the ACL. 
To create and edit documents in the Domino Directory, the administrator must also 
be assigned the appropriate ACL role(s). Worldwide Corporation will assign all 
ACL roles to the administrators and to servers. 


The special privilege of LocalDomainAdmins group 


During first server setup, we chose to add the group LocalDomainAdmins and 
assign it Manager access in the ACL of every database. This allows any 
administrator listed in LocalDomainAdmins to change the ACL of any database, 
including the Domino Directory. 


What privileges does the LocalDomainAdmins group lack? 


The LocalDomainAdmins entry is not automatically assigned any roles. The roles 
in the Domino Directory specify who can create and edit documents. Without the 
roles, an administrator cannot perform any registration tasks, because the 
registration program creates documents. Managers can edit the ACL, so 
members of LocalDomainAdmins could assign the appropriate ACL roles to 
themselves. 



Assigning roles to administrators and servers 


The following procedure assigns roles in the ACL of the Domino Directory. 


Step  Action
1     In Domino Administrator, select the Files tab.
2     Right-click Names.nsf, and choose Access Control -> Manage.
3     Select LocalDomainAdmins, and select appropriate roles.
4     Select LocalDomainServers, and select the appropriate roles.
5     Click OK to save the ACL changes.
Deployment Tasks Implemented 


In this lesson, we created the initial server and workstation in the domain and 
expanded the organization to include organizational units. 



Checklist: Building the Domino environment 


The bolded tasks from the Implementation Checklist were completed in Lesson 2. 



     Task  Procedure
□    1     Set up the first server.
□    2     Add an administrator’s workstation.
□    3     Set up access to the Domino Directory.
□    4     Add Domino servers.
□    5     Add Organizational Units.
□    6     Register administrators.
□    7     Add Notes clients.
□    8     Create user groups.
□    9     Create organizational policy.
□    10    Register users.
□    11    Set administration preferences.
□    12    Set up access to servers.
□    13    Set up server logging.
□    14    Synchronize Domino system databases throughout the domain.
□    15    Route mail internally.
□    16    Route mail to the Internet.
□    17    Set mail controls.
□    18    Test mail routing and delivery.
Adding Domino Servers 


Worldwide Corporation has planned for mail and utility servers. They will use the 
organizational unit certifiers and the Domino Directory to expand the organization 
hierarchy in order to add servers to the Domino intranet. 


Objectives 


Upon completion of this lesson, you should be able to: 

■ Register servers per an established naming scheme. 

■ Set up additional servers in the Domino domain. 
Preparing for Additional Servers 

Administrators register additional servers using an existing server and 
workstation. 


Adding servers to a domain 


The server registration process creates: 

■ A Server document in the Domino Directory. 

■ An ID file stored as one or both of the following: 

■ An attachment in the Server document 

■ A file at the operating system level 


Classroom server implementation 


The following diagram shows the classroom servers. 


Access to register servers 


To register servers, an administrator must have the appropriate access to the 
Domino Directory, including the following in the ACL: 

■ Author access or higher 

■ The Create documents privilege 

■ The ServerCreator role 

In addition, the administrator must have access to the certifier ID file and 
password, or be a registration authority for a certifier migrated to use the 
server-based Certification Authority. 


Always select a registration server 


Whenever registering a certifier, server, or user, select a Domino server for the 
registration server. Domino creates the appropriate document in the Domino 
Directory on the registration server first. Then, Domino replication distributes 
changes to replicas of the Domino Directory on other servers in the domain. 



Caution 


Do not leave the Registration server as “Local.” Always select an 
appropriate registration server. If the server name is left as Local, the 
registration program creates the document in the client's Personal 
Address Book. If this happens, there are two solutions: 

■ Copy the document from the Personal Address Book, and paste it to 
the appropriate view in the Domino Directory. 

■ Or, simply repeat the registration. 


Options for storing the server ID file 


The server registration program allows a choice of locations for the server ID file. 

Consider the following factors. 

■ Storing the ID file in the Domino Directory of an existing Server: 

■ Allows the new server to detach the ID file from the Server document of 
the existing server’s Domino Directory. 

■ Requires a password for the attached server ID. The result is that after the 
server is set up, it cannot be restarted from the Domino Administrator 
remotely, because the password prompt displays on the server machine. 

■ Storing the ID file in the file system requires that the additional server machine 
has access to the ID file locally or on the network. 



Register the classroom servers 


Follow these steps to register your assigned classroom server from the 
instructor’s server. 


Step  Action
1     From Domino Administrator, select Hub/SVR/WWCorp to administer.
2     Select the Configuration tab.
3     On the Tools pane, choose Registration -> Server.
4     In the Choose a Certifier dialog box:
      ■ Click Server, select Hub/SVR/WWCorp as the registration server, and
        click OK.
      ■ Click Certifier ID, navigate to the Domino\Data subdirectory, select
        Oucert.id, and click Open.
      Then, click OK.
5     Enter the certifier ID password (provided by the instructor), and click OK.
6     On the Certifier Recovery Information warning, click OK.
7     Select the appropriate Security type with guidance from the instructor, then
      click Continue.
8     On the Basics panel, enter the following information.
      ■ Enter the assigned server name, for example:
        ■ East01    ■ West01
        ■ East02    ■ West02
        ■ East03    ■ West03
      ■ For Domino domain name, enter WWCorp.
      ■ For Server Administrator name, enter LocalDomainAdmins.
      ■ Choose Weak for the password quality to provide the ability to remove the
        password.
      ■ Enter the password provided by the instructor.
      ■ Select both of the following for Location for storing server ID:
        ■ In Domino Directory
        ■ In file
9     Click 13, to add your server to the queue.
10    Highlight the entry for your server in the queue at the bottom, and click
      Register.
11    When all servers are registered, click Done.
The Central Directory Option 

By default, each replica of the Domino Directory stores all documents. Changes to 
any type of document in one replica usually need to replicate to each other 
replica. If a server needs only a subset of documents, an administrator can select 
the subset by editing the replication settings for the Domino Directory. 


Standard directory structure 


The following diagram shows full Domino Directories on every server. The arrows 
represent replication. All servers store and replicate all Domino Directory 
document types. 


Central directory structure 


In a central directory structure, the Domino Directory on a server can be a: 

■ Primary Domino Directory, which stores all documents. 

■ Administration Domino Directory, which stores all documents and is an 
administration server. 

■ Configuration Domino Directory, which stores only the documents needed 
for basic server operation. 

For example, a Configuration Directory server does not store Person or Group 
documents. In a large domain, this option saves disk space and decreases 
replication work significantly. 

In the following diagram, the servers in the center store and replicate all types of 
Domino Directory documents, so they have full Domino Directories. The servers 
at top and bottom have Configuration Domino Directories. 


How does a server become a Configuration Directory? 


An administrator can select Configuration Directory for a server before or after 
server setup. The methods are: 

■ During server setup, by selecting the Configuration Directory option. 

■ After setup, by selecting the Domino Directory’s Replication 
Settings -> Space Savers panel and selecting Include -> Configuration 
documents only. 
Setting Up Additional Servers 

After preparing for additional servers, set them up and start them to add them to 
the domain. 



Set up and start an additional Domino server 


Follow these steps to set up your assigned classroom server. 


Step  Action
1     Launch the Domino server to run the setup program. For example, from
      Windows, choose Start -> Programs -> Lotus Applications -> Lotus Domino
      Server.
2     On the Welcome screen, click Next.
3     Select Set up an additional server, and click Next.
4     Select The server ID file is stored in the Domino Directory, and click Next.
5     Enter the hierarchical name of your assigned server, for example
      East03/SVR/WWCorp, and click Next.
6     For Setup Internet services, click Customize, and:
      ■ Select SMTP service.
      ■ Deselect DOLS Domino Off Line Services.
      Click OK and click Next.
7     Leave the default network settings unless the instructor advises otherwise,
      and click Next.
8     For Other Domino server name, enter Hub/SVR/WWCorp, and click Next.
9     Select Set up as a primary Domino directory (Recommended), and click
      Next.
10    Leave the default security options selected, and click Next.
11    Review the selections, and click Setup.
12    Enter password(s), if prompted.
13    When setup is complete, click Finish.
14    Launch the Domino server. From Windows, choose
      Start -> Programs -> Lotus Applications -> Lotus Domino Server.


Server setup profiles can automate future setups 


Administrators performing large enterprise deployments can use the record and 
playback options to create and use server setup profiles for future server setups. 
For example, administrators can record the options selected for a particular type 
of server and play this back to set up many servers of this type. 

See the following Domino Administrator 6 Help documents for more information: 

■ Creating a server setup profile. 

■ Using a server setup profile. 
Clearing the Server ID with Nlnotes.exe 


If an additional server’s ID was created with a password, an administrator can 
clear the password after setup, if needed. 


Options for clearing the server ID password 


Clearing the server ID password requires local access to the ID file. Two different 
dialog boxes contain an option to clear a password. The dialog boxes can be 
invoked either: 

■ With the Domino Administrator client by choosing 

Configuration->Certification->ID Properties, and clicking Browse to locate 
and select the server ID. 

■ Without the Domino Administrator, by starting Nlnotes.exe from the program 
directory of a Domino server machine installed on a Windows platform. 
Nlnotes.exe starts a Notes client from which an administrator can choose 
File->Security->User Security to remove the password from the server ID. 


Other uses of Nlnotes 


Nlnotes can be very useful when local access to a server’s data directory is 
needed but an Administrator client is not installed on the Windows machine. 

Caution: Nlnotes should be used with extreme caution because it defaults to: 

■ Non-secure access to the server’s data directory. 

■ Use of the server ID as a user ID. 
Deployment Tasks Implemented 


One very significant task was completed in this lesson. 



Checklist: Building the Domino environment 


The bolded task in the Implementation Checklist was completed in Lesson 3. 



      Task  Procedure

□     1     Set up the first server.
□     2     Add an administrator’s workstation.
□     3     Set up access to the Domino Directory.
□     4     Add Domino servers.
□     5     Add Organizational Units.
□     6     Register administrators.
□     7     Add Notes clients.
□     8     Create user groups.
□     9     Create organizational policy.
□     10    Register users.
□     11    Set administration preferences.
□     12    Set up access to servers.
□     13    Set up server logging.
□     14    Synchronize Domino system databases throughout the domain.
□     15    Route mail internally.
□     16    Route mail to the Internet.
□     17    Set mail controls.
□     18    Test mail routing and delivery.
Adding Notes Clients 


Worldwide Corporation needs workstations to administer the servers. We will use 
the organizational unit certifiers, /East/WWCorp and /West/WWCorp, and Domino 
Directory to add more users to the Domino intranet. 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Set up workstations for administrators. 
✓ Create user groups. 
✓ Create policies. 
✓ Set up ID file backup for new users. 
✓ Add users to a Domino Domain. 
Creating Regional Organizational Unit Certifiers for Users 

Worldwide created the /SVR/WWCorp organizational unit certifier during first 
server setup. Worldwide now needs the organizational unit certifiers for the East 
and West regions to register users according to the deployment plan. 


Directory entries for organizational units 


The certifier registration process creates a document for the organizational unit 
certifier in the Domino Directory. Certifier registration results in the following: 

■ A Certifier document in the Domino Directory. 

  ■ The Certifier document contains the certified public key. 

  ■ During authentication, the key is compared with the key in an ID file. 

■ A certifier ID file for certifying descendants of this organizational unit. 


Access to create OU certifiers 


Only those administrators who meet the requirements can register organizational 
units. As with registering servers and users, an administrator needs: 

■ The appropriate access to the Domino Directory, including Author access or 
higher, and the Create documents privilege. Roles are not required. 

■ One of the following: 

  ■ Access to a certifier ID file and password. 

  ■ Registration authority for a certifier migrated to use the server-based 
    certification authority. 


The registration server 


Select a registration server when registering a certifier or other Domino resource. 
Domino creates the appropriate document in the Domino Directory on the 
registration server first. Then, Domino replication distributes changes to replicas 
of the Domino Directory on other servers in the domain. 



Creating an organizational unit certifier 


After identifying the parent certifier, follow these steps to create the organizational 
unit certifier. 


Step  Action

1     From Domino Administrator, select the server to administer.
2     Select the Configuration tab.
3     On the Tools pane, choose Registration->Organizational Unit.
4     In the Choose a Certifier dialog box, perform the following:
      a. Click Server and select the appropriate server.
      b. Select Supply certifier ID and password.
      c. Click Certifier ID, select a certifier ID file, and click Open.
      d. Then, click OK.
5     Enter the certifier ID password, and click OK.
6     On the Certifier Recovery Information warning, click OK.
7     In the Register Organizational Unit Certifier dialog box, perform the following:
      ■ Click Registration Server, select a registration server, and click OK.
      ■ Click Set ID File, enter the new certifier ID file name, and click OK.
      ■ Enter the Organizational Unit name.
      ■ Select a Password quality, and enter a certifier password.
      ■ Select a Security type.
      ■ Enter the name of an administrator or group of administrators to receive
        certification requests.
      ■ Click Register.
8     Click OK.
User Registration Options 


First server setup creates an administrative user automatically. All other Notes 
users must be registered before they can set up their Notes workstations. Before 
registration, determine the mail server on which to store each user’s mail file. 


Mail servers for each administrator 


The following diagram represents classroom servers and the mail files for 
administrators. 


Access to register users 


Only those administrators who meet the requirements can register users. 
Administrators must have: 

■ Access to the certifier ID file and password. 

■ The appropriate access to the Domino Directory, including Author access or 
higher, the Create documents privilege, and the UserCreator role. 


What are Internet password options? 


■ Set internet password puts an Internet password in the Internet Password 
field of the Person document. 

■ Synch internet password with Notes Password puts the specified Notes 
password in the Internet password field of the Person document and changes 
the Internet password whenever the user changes the Notes password. 


ID file distribution options 


The Registration process provides two options for administrators to store the 
user’s ID file, as described in the following table. 


ID File Option                            Requirements

Attach the ID file to the user’s Person   The ID must be password-protected.
document in the Domino Directory.

Store the ID file on disk.                The ID file must be accessible to the
                                          user before the user can set up the
                                          workstation.
Registering the Administrators 



Register new administrators 


Using the instructor’s workstation, follow these steps to register a new 
administrator. 


Step  Action

1     From Domino Administrator, select Hub/SVR/WWCorp to administer.
2     Select the People & Groups tab->Domino Directories
      section->WWCorp’s Directory section->People view.
3     From the Tools pane, choose People->Register.
4     Click Cancel when prompted for the certifier password.
5     Click Certifier ID, select the appropriate certifier ID for your region, click
      Open, and click OK.
6     Enter the certifier ID password (provided by the instructor), and click OK.
7     On the Certifier Recovery Information Warning, select Do not show this
      warning for this certifier ID in the future, and click OK.
8     On the Basics panel, perform the following steps:
      ■ Click Registration Server, select Hub/SVR/WWCorp, and click OK.
      ■ Enter your assigned First name and Last name from the Mail servers for
        each administrator diagram.
      ■ Click Password Options and select the following:
        ■ For Password Quality scale, select Weak password, not very secure (6).
        ■ Select Set internet password to make the initial Internet password the
          same as the Notes password.
        ■ Select Synch internet password with Notes ID password, and click OK.
          Note: This keeps the Internet password synchronized with the Notes
          password whenever the user changes the Notes password.
      ■ Enter lotusnotes for the password.
9     Select Advanced to see more panels and options.
10    On the Mail panel, perform the following steps:
      ■ Click Mail server. Enter the appropriate server name from the diagram
        titled Mail servers for each administrator, and click OK.
      ■ Select Create file in background.
      ■ Accept the defaults for the other options on the Mail panel.
      Note: The selection for “Create files now” only works if the specified mail
      server is currently running.
11    On the Address panel:
      ■ Select FI LastName (first initial, last name) for Address name format.
      ■ Verify that the Internet domain is correct.
12    On the ID Info panel, perform the following steps:
      ■ Verify that the Certifier ID is the correct one for your region.
      ■ Select the appropriate Security type for the classroom location with
        guidance from the instructor.
      ■ Select to store the user ID in both places:
        ■ In the Domino Directory
        ■ In file
13    On the Groups panel, select the LocalDomainAdmins group, and click Add.
14    Click the green check mark button to add the user to the Registration queue.
15    Click Register All to begin registering all users in the registration queue.
      Result: A message appears stating that the Person registered successfully.
      Click OK.
16    When registration is complete, click Done.
Registering Users from a File 

Regular users can be registered at this time or later. To populate the Domino 
Directory for later classroom activities, we will register users now. An alternative to 
entering names in the registration dialog box is to create a text file containing the 
names and information for users. The instructor will register users listed in a 
supplied text file. 



Registering users from a text file 


Follow these steps to import user names and information from a text file into the 
registration dialog box. 


Step  Action

1     From Domino Administrator, select the server to administer.
2     Select the People & Groups tab->Domino Directories section->your
      directory section->People view.
3     From the Tools pane, choose People->Register.
4     Click Cancel when prompted for the certifier password.
5     Click Certifier ID, select the appropriate certifier ID for your region, and click
      Open. Then, click OK.
6     Enter the certifier ID password, and click OK.
7     Click Password Options and drag the password quality scale to a strength
      appropriate for the passwords in the text file. Then, click OK.
8     Click Import Text File.
9     Select the text file and click Open.
10    Click OK when prompted that the users were successfully queued.
11    Click Advanced if changes are required.
12    Select individual entries in the queue to verify correct registration parameters
      on all panels. If needed, change settings for specific users, and click the
      green check mark button after each user to apply the changes to the entry
      in the queue.
13    Click Register All.
14    Click OK when prompted that the users were successfully registered.
15    When registration completes, click Done.


Note: For information on creating the text file, refer to the Domino Administrator 6 
Help document titled Registering users from a text file. 
Replicating the Documents 


After modifying the Domino Directory, as happens during any registration task, 
replicas on other servers need the modifications. Replication synchronizes the 
replicas. 


The Domino Directories need synchronization 


At this point, each replica of the Domino Directory has only documents that 
existed on the hub server at the time of additional server setup. Therefore, the 
additional servers have the following: 

■ A Server document for each classroom server, because all servers were 
registered on the hub server. 

■ The Doctor Notes Person document, because Doctor Notes was created 
during first server setup. 

■ Only Person documents that were registered on that server. 

To facilitate name lookup for users sending mail, the Person documents need to 
be on each server’s replica of the Domino Directory. Now that the servers are 
running, the instructor can replicate with all classroom servers to ensure that all 
Person documents are in each replica. 



Restart the server to activate Server document changes 


The newly replicated Server documents have changes on the Security tab. The 
instructor edited security restrictions to enable later activities. Changes to security 
restrictions may require a server restart. Follow these steps to restart your server. 


Step  Action

1     At the server console, enter Restart Server.
2     If prompted for a password on the server machine, enter lotusnotes.
Setting Up the Workstations 


The workstation setup program configures the workstation and connects it to the 
Domino intranet. The workstation connects to a Domino server whose Domino 
Directory contains a Person document for the user. 


Classroom workstation implementation 


The following diagram represents the administrators and mail servers for the 
classroom. Use this diagram and the steps on the next page to set up your 
workstation. 



Set up a workstation 


Follow these steps to set up the administrators’ workstations. 


Step  Action

1     Launch Domino Administrator to start the setup program.
      From Windows, choose Start->Programs->Lotus Applications->
      Lotus Domino Administrator.
2     On the Welcome screen, click Next.
3     On the User Information screen, enter the following information:
      ■ Your Name: Your assigned user name.
      ■ Domino Server: The hierarchical name of your assigned server.
      ■ Select I want to connect to a Domino server.
      Then, click Next.
4     Enter the user’s password, and click OK.
5     Click Next.
      Note: We will not be using the Notes client to connect with Internet servers,
      so we do not need to select Internet protocol options here. These options
      create Account documents in the Personal Address Book.
6     Click Next to confirm LAN connection setup is complete.
7     When setup is complete, click OK.
      Result: The Domino Administrator program starts.



Close the Welcome screen 


Follow these steps to close the Welcome screen. 


Step  Action

1     On the Welcome screen, select Don’t show this again.
2     Click the X in the task window to close the Welcome screen.
Using Domino Administrator 


The Domino Administrator contains menu and graphic options for performing 
most of the management functions. The Domino Administrator allows connecting 
to different servers and can perform certain functions on multiple servers with a 
single click. 



Select your assigned server to administer 


Follow these steps to ensure that you make changes to the Domino Directory on 
your assigned server. 


Step  Action

1     From Domino Administrator, display the Server pane for the WWCorp
      domain by clicking the Domain Servers icon, and click the push pin to
      secure the pane.
2     Choose Administration->Refresh Server List->Current Domain.
3     In the Server pane, expand the All Servers section, and select your
      assigned server.
4     Right-click your assigned server and choose Add Server to Favorites to
      add your server to the Favorites icon.
5     Click the Favorites icon to verify that your assigned server is in the
      Favorites list.
Navigating Domino Administrator Exercise 



Verify the components created so far 


Use the Domino Administrator to locate the following components to answer the 
questions below the list of components. 


■ Your Server document 

■ The Certifier documents 

■ Your Person document 

■ The Group document you created 

■ Your Server’s mail.box 

■ Mail file(s) on your server 


Questions to answer: 

■ In the Server document for your server, what name is in the Administrators 
field? Is this the name you entered when registering your server? 


■ Is there a document for each of the four classroom certifiers? 


■ Does the mail file listed in your Person document exist? 




What Is the Administration Process? 

The Administration Process (Adminp) is a program that automates routine 
administrative tasks, such as: 

■ Name-management tasks, such as rename person, rename group, delete 
person, delete group, delete server name, recertify users, and store Internet 
certificate. 

■ Mail file-management tasks, such as delete a Mail file and move a Mail file. 

■ Server document-management tasks, such as store CPU count, platform, and 
place network protocol information in Server document. 

Components of the Administration Process 


Maintaining the Administration Process requires monitoring key components. The 
following table lists the components of the Administration Process. 


Component               Description

Administration Process  Posts, responds to, and carries out requests in the
task (Adminp)           Administration Requests database.

Administration server   Server responsible for completing many Administration
                        Process requests. The Administration server is assigned
                        for each database in the ACL->Advanced panel. Some
                        Administration Process requests are completed on a
                        server other than the Administration server, for
                        example, on the server where the request was created.

Administration          Every server in the domain stores a replica of the
Requests database       Administration Requests database.
(Admin4.nsf)            Replicas of the Administration Requests database
                        distribute requests made on one server to other servers
                        in the domain or send mail requests to servers in other
                        domains.

Certification Log       The Administration Process requires this database to
(Certlog.nsf)           perform name changes and recertifications.
                        The Certification Log contains a permanent record of how
                        users and certifiers are registered, including
                        information about the certifier ID. The Certification
                        Log also contains messages that describe the results of
                        recertification requests that the Administration Process
                        is processing.
Using Database Tools in Domino Administrator 


The Domino Administrator enables creating replicas of a database on multiple 
servers with one command. All servers used to register and manage users should 
have a replica of the Certification Log, so this is a good use of creating replicas. 



Creating replicas on multiple servers 


Follow these steps to create a replica of the Certification Log on multiple servers. 


Step  Action

1     From Domino Administrator, select the Files tab.
2     Select the Certification Log database from the list.
3     On the Tools pane, choose Database->Create Replica(s).
4     Select each server that needs a replica and click Add, or select Other, click
      Add, and enter a server name.
5     Accept the default file name or change it if required.
6     Check Copy Access Control List.
7     Click OK to create the replica.


Result: Two Administration Process requests lead to creation of a replica on each 
server immediately. Because the Administration Process creates the replicas, the 
server that contains the database being replicated needs to be listed in each 
receiving server’s Server document->Security tab->Create new replicas field. 


Use Help to determine timing and execution of Administration Process requests 

■ When performing an action that triggers the Administration Process, determine the 
  following by referring to the Domino Administrator 6 Help document titled 
  Administration Process Requests: 

  ■ The timing of the request you are using. 

  ■ The server that performs the request. 

  ■ Other requests that might be generated by the action. 

■ The Administration Process can be run manually to trigger a change before the next 
  scheduled running. 
User and Server Groups 

Worldwide Corporation has determined that they will use groups to facilitate 
administration and user activities. A group is a list of users and/or servers who 
have something in common. For example, a group can have the name of a 
department and contain all the department’s members. 


What are the benefits of using groups? 


Groups enable using a single word, the group name, to represent multiple users 
and/or servers. Use group names for mailing lists and administrative functions to 
simplify the listing of users and/or servers. Adding a user to a group dynamically 
controls the user’s access to resources that specify the group name. 


What are nested groups? 


Group maintenance is made easier by including groups within other groups 
(nesting one inside the other). For example, the Members of a group named 
Global Marketing could be group names of regional marketing divisions. 

Advantages of nesting groups include: 

■ Determining the members by adding only a few entries — the nested group 
names. 

■ Distributing administration of regional groups, while central administrators 
control large groups by nesting. 

■ Bypassing the size limitation of 15K of text in the members field of a Group 
document. 




What happens if a user is a member of two groups? 


A user can be in more than one group. If a database’s ACL has entries for two 
different groups, and a user is a member of both groups, then the user gets the 
access level for the more-privileged group. For example, a user is allowed 
Manager access to a database if the user is a member of the following two groups 
that are both listed in an ACL: 

■ Group1, which has Manager access 

■ Group2, which has Reader access 

Groups of the type Deny List only are an exception. A Deny List only group always 
takes precedence over any other group, regardless of access level. 


A user name in an ACL takes precedence over all groups 


If an ACL lists a user by name, the user gets the access level associated with the 
user name. Group entries are ignored for that user. 


Using a Deny List only group 


One group type, Deny List only, is for server access control and cannot be used 
for other purposes. Enter a Deny List only group in the Not access server field of 
the Server document, to deny the members access to the server. For example, 
create a Deny List only group and enter names of people who have left the 
organization. A conventional choice for such a group name is Terminations. The 
Deny List only group type has a special characteristic. When the Administration 
Process is used to delete instances of a user name throughout the Domino 
Directory, this process does not delete names from Deny List only groups. 
Therefore, members of Deny List only groups remain listed permanently. 
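
The group rules above (nested groups, the more-privileged group winning, a user-name entry overriding groups, and a Deny List only group checked at the server) can be modeled as follows. This is an added example, not Domino code or part of the course material; the user names, the sample ACL, and the -Default- fallback entry are constructed assumptions.

```python
"""Model of the group and ACL precedence rules described above.

Added illustration only: it does not call any Domino API. All names and
sample data below are constructed.
"""

# Domino database ACL levels, lowest to highest privilege.
LEVELS = ["No Access", "Depositor", "Reader", "Author",
          "Editor", "Designer", "Manager"]
RANK = {name: i for i, name in enumerate(LEVELS)}

DENIED = "DENIED AT SERVER"


def expand_group(name, groups, _seen=None):
    """Return every user in a group, following nested groups.

    `groups` maps a group name to its member list. A member that is itself a
    key in `groups` is a nested group. Circular nesting is tolerated.
    """
    seen = _seen if _seen is not None else set()
    if name in seen:
        return set()
    seen.add(name)
    users = set()
    for member in groups.get(name, []):
        if member in groups:
            users |= expand_group(member, groups, seen)
        else:
            users.add(member)
    return users


def server_access_allowed(user, not_access_server, groups):
    """Apply the Server document's 'Not access server' field."""
    for entry in not_access_server:
        if entry == user or user in expand_group(entry, groups):
            return False
    return True


def effective_acl_level(user, acl, groups):
    """Resolve one user's level in one database ACL.

    1. An entry for the user name wins; group entries are ignored.
    2. Otherwise the most-privileged matching group entry applies.
    3. With no match, fall back to -Default- (assumed 'No Access' if absent).
    """
    if user in acl:
        return acl[user]
    matched = [level for entry, level in acl.items()
               if entry in groups and user in expand_group(entry, groups)]
    if matched:
        return max(matched, key=RANK.__getitem__)
    return acl.get("-Default-", "No Access")


def audit(user, acl, groups, not_access_server):
    """Server check first, then the database ACL."""
    if not server_access_allowed(user, not_access_server, groups):
        return DENIED
    return effective_acl_level(user, acl, groups)


# Constructed sample data. Group names follow the examples in the text.
SAMPLE_GROUPS = {
    "Group1": ["Pat Lee/East/WWCorp"],
    "Group2": ["Pat Lee/East/WWCorp", "Sam Ortiz/West/WWCorp"],
    "Global Marketing": ["East Marketing", "West Marketing"],
    "East Marketing": ["Kim Ray/East/WWCorp"],
    "West Marketing": ["Sam Ortiz/West/WWCorp", "Lou Dent/West/WWCorp"],
    "Terminations": ["Lou Dent/West/WWCorp"],  # Deny List only group
}
SAMPLE_ACL = {
    "Group1": "Manager",
    "Group2": "Reader",
    "Global Marketing": "Author",
    "Kim Ray/East/WWCorp": "Reader",  # named entry overrides her groups
    "-Default-": "No Access",
}
SAMPLE_NOT_ACCESS_SERVER = ["Terminations"]

if __name__ == "__main__":
    for person in ["Pat Lee/East/WWCorp", "Sam Ortiz/West/WWCorp",
                   "Kim Ray/East/WWCorp", "Lou Dent/West/WWCorp",
                   "Ann Vo/East/WWCorp"]:
        result = audit(person, SAMPLE_ACL, SAMPLE_GROUPS,
                       SAMPLE_NOT_ACCESS_SERVER)
        print(f"{person:28} {result}")
```

Running the same resolution over a real ACL export is a quick way to spot a named entry that silently lowers or raises someone's access relative to their groups.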
Using Groups to Facilitate Administration 


Nesting groups makes group maintenance efficient. 



Create a group 


Follow these steps to create mailing lists for certain users. 


Step  Action

1     From Domino Administrator, select your assigned server to administer.
2     Select the People & Groups tab->Domino Directories
      section->WWCorp’s Directory section->Groups view.
3     Click Add Group.
4     Enter a group name provided by your instructor.
5     Select Mail Only for the Group type, and click OK.
6     (Optional) Enter a description appropriate to the name of the group.
7     Add Doctor Notes/WWCorp as a member.
      Note: You will add more members in a later exercise.
8     Click Save & Close.



Nest a group 


Follow these steps to nest groups. 


Step  Action

1     From Domino Administrator, select a server to administer.
2     Select the People & Groups tab->Domino Directories
      section->WWCorp’s Directory section->Groups view.
3     On the Tools pane, choose Groups->Manage.
4     In the left pane, select LocalDomainAdmins to include in the parent group.
5     In the right pane, select the parent group you created earlier.
6     Click Add.
7     Repeat Steps 4 through 6, but select two non-administrative users as
      members.
8     In the right-hand pane, select Doctor Notes/WWCorp and click Remove.
9     When finished managing groups, click Done.
Policy-Based Management 


Policies can control many user and administrative functions. An administrator can 
enforce Notes and Domino policies of various types and apply them to various 
groupings of users. 


Key concepts regarding policies 


Here are key concepts to understand regarding policy management. 

■ A policy is the Policy document and its associated Settings documents. Each 
Policy document contains pointers to selected Settings documents. This 
combination of the Policy document and its Settings documents constitutes 
one policy. 

■ A policy can be either: 

  ■ Organizational, meaning it applies to an organization or an OU. 

  ■ Explicit, meaning it applies to specific users and may include users from 
    different OUs. 

■ Policies can apply to various sets of users. They can apply to an entire 
organization, an OU, a group of users, or even one user. Multiple policies can 
apply to the same user and these can contain a contradictory value for the 
same setting. A precedence system determines which setting a user gets. 

  ■ In general, a policy that is more specific to a given user takes precedence 
    over a more general policy. For example, settings in an explicit policy take 
    precedence over the corresponding settings in an organizational policy. 

  ■ An Administrator can change this precedence scheme by selecting Inherit 
    or Enforce for individual settings. An Administrator can also make the 
    entire policy an Exception policy, meaning that its settings will take 
    precedence over corresponding settings in all ancestor policies. 



Classroom Scenario 

Worldwide Corporation will have the following two policies: 

■ An Organizational policy that specifies a password length for the 
entire organization 

■ An explicit policy to make the password optional for certain users 


What are Settings documents? 


There are numerous settings an administrator can specify in five types of policy 
Settings documents. 

The following table shows examples of settings in each type of Settings 
document. 


Type of Settings  Description
Document

Registration      Specifies default settings on the User Registration dialog
                  box.

Setup             Specifies numerous types of settings to implement during
                  Workstation setup.

Desktop           Specifies numerous types of settings to implement on an
                  ongoing basis. For example:
                  ■ A custom corporate welcome page.
                  ■ Smart Upgrade options.

Archiving         Specifies what documents or attachments to archive from
                  mail files and where to place the archive. Server-to-server
                  archiving can archive all mail files to a central server.

Security          Specifies controls on Notes and Internet passwords, as
                  well as the Execution Control List (ECL).


When are the settings applied to users? 


Settings are applied either statically or dynamically: 

■ Static Settings 

  ■ Set during user registration, or 

  ■ Set during Workstation setup. 

■ Dynamic Settings 

  ■ Set dynamically when the user is logged in to the server. 

  ■ For example, the Desktop Settings document contains many of the same 
    settings as the Setup Settings document so that these settings can change 
    dynamically, whenever a user authenticates with the server. If a user 
    changes one of the desktop settings, it will change back to the value 
    specified in the Desktop Settings document at the next authentication. 
Creating an Organizational Policy 


For classroom purposes, most users in the organization will have a weak 
password quality. An Organizational policy will enforce this during user 
registration. If certain users do not need a password, an explicit policy can 
override this password setting. 



Creating an Organizational policy 


Follow these steps to create a policy for an organization or an OU and assign 
registration settings to the policy. 


Step 

Action 

Result 

1 

In the Domino Administrator, select 

the Configuration tab. 


2 

In the Tools pane, choose 

Policies-> Create. 


3 

Select Policy, and click OK. 

On the Warning, click Yes, if 
appropriate. 

The Policy document displays. 

4 

For Policy Name, enter the 
organization name (or organizational 
unit name). 


5 

For Policy Type, select 

Organizational, and click OK. 

The Policy name changes to 
hierarchical format. The wildcard 
symbol (*) indicates that this policy 
applies to every user in the 
organization. 

6 

Locate the Registration section, and 
click New in that row. 

On the Warning, click Yes, if 
appropriate. 

The Registration Settings document 
displays. 


(continued on next page...) 
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Creating an Organizational Policy ...(continued) 


Creating an Organizational policy... 


Step 

Action 

Result 

7 

Perform the following in the new 
Registration Settings document. 

On the Basics tab: 

a. For Policy Name, enter a 
descriptive name, such as: 

Reg set for the 
organization. 

b. For Choose a registration server, 
select the appropriate server. 

c. For Choose a Password Quality, 
select an appropriate quality. 


8 

Click Save & Close to save the 
Registration Settings document. 

Focus is returned to the Policy 
document. 

9 

Press ctrl+s to save the Policy. 

Click the Drop-down arrow next to 
Registration, select the name of the 
new Registration Settings document, 
and click OK. 

The name of the Registration 

Settings document appears in the 
field. 

10 

Click Save & Close. 

Creating and Assigning an Explicit Policy 

Worldwide also requires a policy for certain users who are allowed the option of 
using their Notes IDs without a password. 



Create an explicit policy 


Follow these steps to create an explicit policy which can later be assigned to 
specific users or groups. 


Step 

Action 

1 

In the Domino Administrator, select the Configuration tab. 

2 

In the Tools pane, choose Policies-> Create. 

3 

Select Policy and click OK. 

Result: The Policy document displays. 

4 

For Policy Name, enter Password Optional. 

5 

For Policy Type, select explicit. 

6 

Locate the Registration section, and click New in that row. 

On the Warning, click Yes. 

Result: The Registration Settings document displays. 

7 

In the new Registration Settings document, perform the following. 

■ On the Basics tab: 

■ For Policy Name, enter Reg optional password <your 
initials>. 

■ For Choose a registration server, select your server. 

■ For Choose a Password Quality, select Password is Optional (0). 

■ On the Mail tab, for Choose the mail server, select your server. 

8 

Click Save & Close to save the Registration Settings document. 

Result: Focus returns to the Policy document. 

9 

Press ctrl+s to save the Policy, then click the small triangle next to 
Registration and select Reg optional password <your initials>. 

10 

Click Save & Close. 



Assigning policies during user registration 


Follow these steps to assign an explicit policy to a user during user registration. 


Step 

Action 

1 

From Domino Administrator, select the server to administer. 

2 

Select the People & Groups tab-> Domino Directories section->your 
directory section-> People view. 

3 

On the Tools pane, choose People-> Register. 

4 

Ensure that the appropriate certifier ID file is selected, enter its password, 
and click OK. 

5 

Read the warning that selecting this certifier ID will invoke its organization 
policy, and click OK. 

6 

On the Basics panel, perform the following steps: 

■ Ensure that the registration server specified in the Organization policy is 
selected. 

■ Enter a First name and Last name. 

7 

Click Policy Synopsis, note the PasswordQuality setting, and click OK. 

8 

For Explicit Policy, select the appropriate explicit policy. 

9 

Click Policy Synopsis, verify that the value of the PasswordQuality setting 
has changed, and click OK. 

10 

Click Advanced. 

11 

Click ID Info and verify that the following are correct: 

■ The Certifier ID file 

■ The options for storing the user ID 

12 

Click SU to add the user to the queue. 

13 

Select the user in the queue and click Register. 

14 

Click OK when prompted that the person was registered. 

15 

When registration is complete, click Done. 

Viewing Policies and Assigning Policies to Existing Users 

There are various methods to assign explicit policies and view the effective policy 
of existing users. The effective policy is the combined collection of settings from 
different policies that apply to a user. 


Assigning an explicit policy to existing users 


During the demonstration, the instructor assigned a policy as a user was being 
registered. The Tools pane in Domino Administrator provides two methods to 
assign an explicit policy to an existing user: 

■ In the People view, by choosing People-> Assign Policy. 

■ In the Groups view, by choosing Groups-> Assign Policy. 

Both methods set the explicit policy in the Person document(s). 


Displaying an effective policy for existing users 


Also during the demonstration, the instructor displayed the Policy Synopsis for the 
user who was about to be registered. There are two methods to display effective 
policies: 

■ In the People view, by selecting a Person document and choosing Policy 
Synopsis. 

■ On the Configuration tab, by selecting one of the following views: 

■ Policies->by Settings, or 

■ Policies->by Hierarchy 

For more information on Policies, the Policy Viewer, and Policy Synopsis, refer to 
the Domino Administrator 6 Help. 

Safeguarding ID Files 

Domino includes the ability to automate ID file backup. This process: 

■ Backs up ID files at various times, not only at initial user registration. 

■ Recovers an ID from backup. 

■ Unlocks a user ID when the password is unknown. 

■ Permits specifying multiple administrative passwords to unlock the ID. 


Subsequent backing up of existing ID files 


ID files with recovery information are automatically backed up after any of the 
following major changes to the ID file: 

■ Registering a new user 

■ Accepting new recovery information 

■ Generating a new public key 

■ Processing a name change 

■ Creating a new document encryption key 



Checklist: Backing up ID files 


Complete the following tasks to set up ID file backup. 



Task 

Procedure 

□ 

1 

Configure certifier ID and database to store IDs. 

□ 

2 

Update recovery information for existing IDs. 

Note: This is a two-part process requiring intervention by both: 

■ An administrator 

■ The user 

How to Set Up ID File Backup 

This procedure sets up administrators to unlock an ID. It also creates the mail-in 
database to store ID recovery information. 


Task 1: Configuring the certifier ID and database to store IDs 


Follow these steps to specify administrators authorized to recover ID files for a 
particular certifier ID file. 


Step 

Action 

1 

From Domino Administrator, select the Configuration tab. 

2 

On the Tools pane, choose Certification-> Edit Recovery Information. 

3 

Click Server, select the server on which to locate the Certificate document in 
the Domino Directory, then click OK. 

4 

Select Supply certifier ID and password. Click Certifier, select the certifier 
ID file, and click Open. 

5 

Click OK. 

6 

Enter the certifier ID’s password, and click OK. 

7 

Click Add. 

8 

Select the appropriate administrator's name, then click Add. 

9 

Repeat Step 8 for each authorized administrator. 

10 

Click OK when finished adding administrators' names. 

11 

Do one of the following: 

■ Select I want to use an existing mailbox. 

a. Click Address. 

b. Select a user or mail-in database. 

c. Click OK. 

■ Select I want to create a new mailbox. 

a. Click Address. 

b. Select the server to store the database. 

c. In the Mail Title field, enter a database title. 

d. In the File Name field, enter a database file name. 

e. Click OK. 

12 

Enter the number of recovery authorities required to unlock an ID file. 

13 

Click OK. 

14 

Click Yes to confirm saving the recovery information. 

15 

Enter the certifier ID password, and click OK. 

How to Initiate Backup of Existing IDs 



Task 2: Updating recovery information for existing IDs 


This procedure sends mail to the user requesting ID backup information from the 
user's ID file. Follow these steps to request backup information from existing 
users. 


Step 

Action 

1 

From Domino Administrator, select the Configuration tab. 

2 

On the Tools pane, choose Certification-> Edit Recovery Information. 

3 

Click Server, select the server on which to locate the Certificate document in 
the Domino Directory, then click OK. 

4 

Select Supply certifier ID. Click Certifier, select the certifier ID file, and click 
Open. 

5 

Click OK. 

6 

Enter the password, and click OK. 

7 

Click Export. 

8 

Enter the certifier ID's password, and click OK. 

9 

Enter the names of users to which the request will be sent in the To field, then 
complete any other optional fields to send recovery information to the user. 
Note: Notes will use default information for any fields left blank. 

10 

Click Send. 

Result: Backup file information is automatically included in the body of the 
message sent by the administrator. 

11 

Click OK to close the Edit Master Recovery Authority List dialog box. 


Next, the user follows these steps. 


Step 

Action 

1 

Open the mail message from the administrator. 

2 

Choose Actions-> Accept Recovery Information. 

3 

Enter the password, and click OK. 

How to Restore User Access 

The user and administrator both play roles in restoring user access. 



Checklist: Recovering an ID file 


The user and the administrator complete these tasks to recover an ID file. 



Task 

Procedure 

□ 

1 

User requests to unlock an ID file. 

□ 

2 

Administrator provides password for ID file recovery. 


Task 1: User requests to unlock an ID file 


In this Guided Practice, you will act as the user, Michelle Grassi. The user follows 
these steps at the same time the administrator performs Task 2 to unlock the ID 
file. The instructor will act as the administrator and provide you with the recovery 
password. 


Step 

Action 

1 

Open your administrator’s mail file. 

2 

Open the mail message from Doctor Notes, and detach Michelle Grassi’s ID 
file to the \Notes\Data\lds\People directory. 

3 

Close Domino Administrator, and the Notes client, if running. 

4 

Start the Notes client. 

5 

When prompted for a password, click OK. 

6 

Click Recover Password. 

7 

Select \Notes\Data\lds\People\MGrassi.id, and click Open. 

8 

The instructor will demonstrate the Task 2: Administrator provides password 
for ID file recovery procedure to obtain the first password. 

9 

Enter the password provided by the instructor, and click Enter. 

Note: For additional passwords, repeat Steps 8 and 9. 

10 

Enter and confirm a new password, and click OK. 



Note: If the ID file is lost, the user must request that the administrator detach the 
ID file from the Backup IDs database, and make it available to the user through a 
diskette, network location, or alternate e-mail address. 



Task 2: Administrator provides password for ID file 
recovery 

Follow these steps to provide the user with the recovery password. 


Step 

Action 

1 

Detach the backup copy of the user's ID from the user in the Mail-in 
database. 

2 

From Domino Administrator, select the Configuration tab. 

3 

On the Tools pane, choose Certification-> Extract Recovery Password. 

4 

Enter the administrator's password, and click OK. 

5 

Select backup ID file, and click Open. 

6 

Repeat the recovery password displayed in the dialog box to the user. 


Best Practice: Secure the new ID 

Once an ID file has been recovered, users should: 

■ Regenerate the ID file recovery information by accepting new recovery information or 
re-accepting the recovery information previously sent by the administrator. 

■ Generate a new Notes key pair to limit the chance of someone being able to use a 
stolen ID file. 

Registering Users Exercise 

In this exercise you will register users with options learned in this lesson. 



Register users 


Register two users using the following information: 


■ Name: Make up a name for each user. 

■ Certifier ID: East.id or West.id. 

■ Policy: Specify the explicit policy for one user. Allow the other user to have the 
organizational policy. 

■ Registration Server: Your server. 

■ Mail Server: Your server. 

■ Group: The group you created earlier. 


Why was the mail server blank? 


In the Registration dialog box, the mail server was blank because the policies do 
not specify a mail server. Policies override the administration preferences. 
However, you were able to manually select a mail server. 

Platforms and Requirements 

The Release Notes for each version of Domino contain a section on supported 
platforms and system requirements. 



Locating supported platforms and system requirements 


Follow these steps to locate information on supported platforms and system 
requirements. 


Step 

Action 

1 

In Domino Administrator, select the Files tab. 

2 

Click the Help folder. 

3 

Double-click Readme.nsf. 

4 

At the top of the Navigator pane, click By Category. 

5 

Click Things you need to know category-> Platforms and requirements 
subcategory. 

6 

Read the document titled Notes and Domino 6 platforms & system 
requirements, and other documents applicable to your environment. 

Deployment Tasks Implemented 


Several deployment tasks were implemented in this lesson to set up users on 
Notes clients. 



Checklist: Building the Domino environment 


The bolded tasks in the Implementation Checklist were completed in Lesson 4. 



Task   Procedure 

□ 1    Set up the first server. 
□ 2    Add an administrator’s workstation. 
□ 3    Set up access to the Domino Directory. 
□ 4    Add Domino servers. 
□ 5    Add Organizational Units. 
□ 6    Register administrators. 
□ 7    Add Notes clients. 
□ 8    Create user groups. 
□ 9    Create organizational policy. 
□ 10   Register users. 
□ 11   Set administration preferences. 
□ 12   Set up access to servers. 
□ 13   Set up server logging. 
□ 14   Synchronize Domino system databases throughout the domain. 
□ 15   Route mail internally. 
□ 16   Route mail to the Internet. 
□ 17   Set mail controls. 
□ 18   Test mail routing and delivery. 

Lesson 5 ■ Setting Up Server Administration 



Setting Up Server Administration 


Administrators require access to perform administrative tasks. Worldwide 
Corporation will use groups to facilitate managing administrators’ access to 
perform administrative tasks, such as: 

■ Access the server. 

■ Administer the server. 

■ Add or modify server connection information. 


Additionally, administrators need to configure the tools they will use to administer 
the server. 


Objectives 


Upon completion of this lesson, you should be able to: 

■ Specify administration preferences. 

■ Allow and restrict server access. 

■ Allow administrators access to the Domino Directory. 

■ Specify the level of detail recorded in the Domino Server Log. 

Selecting Administration Preferences 


Administrators can customize the Domino Administrator work environment by 
selecting administration preferences. These preferences include the following 
choices: 

■ The domains to administer 

■ The type and order of file information displayed 

■ The way in which Domino collects and displays server monitoring data 

■ The defaults to use when registering users, servers, and certifiers 



Select domain and registration preferences 


Follow these steps to set the default settings for administering servers from 
Domino Administrator. 


Step 

Action 

1 

From Domino Administrator, choose File-> Preferences-> Administration 
Preferences. 

2 

On the Basics panel, if the domain is not already set, click New, then enter 
the following information: 

■ Domain Name: WWCorp 

■ Domino directory server: Your assigned server name 

■ Select Change to this location and select Office (Network). 

Click OK. 



3 

On the Registration panel, make the following selections: 

■ Click Registration server, enter your assigned server, and click OK. 

■ Click Mail options. Click Mail Server, select your assigned mail server as 
the default mail server, and click OK. 

■ Leave the other default mail settings, and click OK. 

■ Leave the default ID file settings. 

■ Click Certifier ID, select your OU certifier ID file, and click Open. 

■ Enter lotusnotes for the certifier ID’s password, and click OK. 

■ Click Yes to let the organizational policy for WWCorp override the 
registration preferences you set. 

Result: The options buttons disappear. The values you just set for 
registration preferences will not be used, because the corresponding values 
in the policy take precedence. 

Note: To override the policy’s settings, change individual entries in the User 
Registration dialog box during registration. 

4 

Click OK to close the Administration Preferences dialog box. 

5 

In the Bookmarks pane, select your assigned server from the servers list. 



Add your user ID to the Location document 


Administrators sometimes need to switch ID to a different user. The most efficient 
way to do this is to create a Location document for each user and specify the 
appropriate ID file in each Location document. Follow these steps to specify your 
user ID in the current Location document. 


Step 

Action 

1 

Choose File->Mobile->Edit Current Location. 

2 

Select the Advanced tab and, in the User ID to switch to field, click ^ 1. 
Locate and select your assigned user ID file in the Notes client’s data 
subdirectory. 

3 

Click Save & Close. 

Color-Coding Messages in the Server Console 

To differentiate messages that could indicate a need for administrator intervention, 
an administrator can select different colors for different message types. 



Customize colors in the server console 


Follow these steps to customize colors in the server console. 


Step 

Action 

1 

From the Domino Administrator, select the Server tab-> Status tab. 

2 

Select the Server Console view. 

3 

From the menu, choose Live Console->Server->Console Attributes. 

4 

(Optional) If configuring a different server’s attributes, select the server. 

5 

Select a color attribute for the background and for each type of event. 

6 

Exit and restart the Administrator client to activate the changes. 


Note: The Domino Administrator console defaults to using the same color scheme 
as the Domino server console. To specify a different color scheme for each 
console, refer to the Domino Administrator 6 Help document titled Customizing 
the appearance of the Domino server console and Domino Administrator console. 

Controlling Server Access 


Two Domino security options control different aspects of access to Domino servers: 

■ Domino authentication is the process in which Domino compares the user 
and server ID files to verify that they share a certificate in common. 
Authentication occurs when a user or server attempts to communicate with a 
server. 

■ Domino authorization is controlled by fields in the Server document that list 
users and servers allowed to access the server. 


Server access lists 


The following table describes some of the restrictions for authorizing server 
access. These fields are located on the Security tab in the Server document. 


To Allow/Restrict This Type of Server Access: To limit access to only those users 
listed in the Domino Directory 
Set This Field: Access server (Deselect the users listed in all directories 
checkbox.) 
Additional Notes: No (default) allows access from users and servers in other 
domains. 

To Allow/Restrict This Type of Server Access: To explicitly allow people, servers, 
or groups access to this server and deny all others 
Set This Field: Access server (Enter or select names under the word “and”.) 
Additional Notes: If this field is left blank (default), there is no access 
restriction. If any names are entered, they will be the only users or servers that 
can access the server. 

To Allow/Restrict This Type of Server Access: To explicitly deny people, servers, 
or groups access to this server 
Set This Field: Not access server 
Additional Notes: This field is for explicit restrictions, such as a Deny access 
group, and takes precedence over the Access server field. 


Deny server access to former employees 


When people leave the company, nothing prevents them from taking copies of 
their IDs with them. To prevent them from accessing servers, create a group, such 
as Terminations, to include in the Not access server field. 

Use the Deny List only group type for this group. Groups of this type appear only 
in the Deny Access Groups view in the Domino Directory, not in the Groups view. 
Also groups of this type cannot be used for any purpose other than server access. 
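
The following Python sketch is an added example, not part of the course material and not Domino code. It models how the Access server and Not access server fields combine as described above, assuming wildcard entries of the form */East/WWCorp and using constructed user and group names.

```python
# Simplified model of the two server access fields described in this section.
# Group names, user names and the matching rules are assumptions made for
# illustration; a real server resolves names against the Domino Directory.

def _matches(name, entry, groups, seen):
    """Return True if one field entry covers the hierarchical name."""
    name_l, entry_l = name.lower(), entry.lower()
    if entry_l == name_l:
        return True
    # Assumption: wildcard entries use the */OU/Org form (e.g. */East/WWCorp).
    if entry_l.startswith("*/"):
        return name_l.endswith(entry_l[1:])
    # Otherwise treat the entry as a group and expand its members, guarding
    # against groups that (directly or indirectly) contain themselves.
    members = groups.get(entry)
    if members is None or entry in seen:
        return False
    seen = seen | {entry}
    return any(_matches(name, member, groups, seen) for member in members)


def listed(name, field, groups):
    """Return True if any entry in a field covers the name."""
    return any(_matches(name, entry, groups, set()) for entry in field)


def server_access(name, access_server, not_access_server, groups):
    """Return (allowed, reason) for a name that has already authenticated."""
    # Not access server takes precedence over Access server.
    if listed(name, not_access_server, groups):
        return False, "listed in Not access server"
    # A blank Access server field means there is no access restriction.
    if not access_server:
        return True, "Access server is blank"
    if listed(name, access_server, groups):
        return True, "listed in Access server"
    # Once any name is entered, only the listed names may access the server.
    return False, "not listed in Access server"


# Constructed sample data: a deny group with a nested (and circular) member.
GROUPS = {
    "Terminations": ["FormerStaff"],
    "FormerStaff": ["Pat Example/East/WWCorp", "Terminations"],
    "WestPartners": ["Lee Sample/West/WWCorp"],
}
ACCESS_SERVER = ["*/East/WWCorp", "WestPartners"]
NOT_ACCESS_SERVER = ["Terminations"]

if __name__ == "__main__":
    for user in ("Jane Doe/East/WWCorp", "Pat Example/East/WWCorp",
                 "Lee Sample/West/WWCorp", "Kim Other/West/WWCorp"):
        print(user, server_access(user, ACCESS_SERVER, NOT_ACCESS_SERVER, GROUPS))
```

Pat Example still holds a valid East ID and matches the wildcard in Access server, but membership in Terminations denies access because the deny field is evaluated first.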


User access to the server 


The following table describes the fields on the Security tab in the Server document 
that determine some of the privileges users have to access a server. 


To Allow Users or a Group This Type of Access: Create replica databases on this 
server. 
Edit This Server Access Field: Create new replicas 
Additional Notes: Blank allows no one. This field also applies to other servers 
creating replicas on this server. 

To Allow Users or a Group This Type of Access: Create databases on this server. 
Edit This Server Access Field: Create new databases & templates 
Additional Notes: Blank allows all. This field applies to other servers creating 
databases on this server. 



Setting access to create databases on the server 


Follow these steps to allow users the ability to create databases and replicas on 
the server. 


Step 

Action 

1 

From Domino Administrator, select the server to administer. 

2 

Select the Configuration tab-> Server section-> All Server Documents 
view. 

3 

Select your server, and click Edit Server. 

4 

On the Security tab-> Server Access section, enter the following 
information: 

■ Create databases & templates: Specify users who should be able to 
create databases and templates on this server, or leave this field blank to 
allow all users. 

■ Create new replicas: Specify users and servers who should be able to 
create replicas on this server. 

5 

Click Save & Close. 

Activating Changes to Server Access Fields 

The Domino server accepts commands from the console on the server machine, 
or from Domino Administrator on a workstation. Administrators can issue 
commands to the Domino server to perform many administration tasks, such as: 

■ Start or stop server tasks. 

■ Instruct a server task to perform a function. 

■ Change server configuration variables. 

■ Restart the server. 

Settings changed in the Domino Directory usually activate within a few minutes. 
To activate a change immediately, a server restart may be required. 



Restarting the server 

Follow these steps to restart the server remotely using Domino Administrator. 

Note: This procedure works remotely only if the server ID is not 
password-protected, because the password prompt appears on the server machine. 


Step 

Action 

1 

From Domino Administrator, select the server to administer. 

2 

Select the Server tab-> Status tab. 

3 

Select the Server Console view, and click Live. 

4 

Enter Restart Server, and click Send. 

5 

On the server machine, enter a password if prompted. 


Use group names in Server documents 

■ Use group names instead of user names in Server documents. 

■ Domino caches changes made to existing groups. Therefore, if the security 
restrictions fields contain group names, adding a user name to the group does not 
require restarting the server. 

Setting Administration Access 


The Server document includes settings to designate levels of administrative 
access for different categories of administrators in the organization. For example, 
only a few people can be designated as Administrators, while other members of a 
team are designated as Database Administrators. 

Administration levels 


The following table outlines the levels and their general rights. 



                      Enter Select   Full OS   General          Manage      Use Remote   Use Some 
                      System         Access    Administrative   Databases   Console      Console 
                      Commands                 Tasks                                     Commands 

Full                  X              X         X                X           X            X 
Administrator                                  X                X           X            X 
Database                                                        X 
Full Remote Console                                                         X            X 
View only                                                                                X 
System                X              X 
Restricted System     X 


Setting administration levels 


Administration levels are set on the Server document->Security tab. Follow 
these steps to modify the settings. 


Step 

Action 

1 

From Domino Administrator, select the server to administer. 

2 

Select the Configuration tab-> Server section->All Server Documents view. 

3 

Select your server and click Edit Server. 

4 

Select the Security tab. 

5 

In the Administrators section, enter the user or group name in the appropriate 
access field. 

6 

Click Save & Close. 

What are the Administration levels? 


The following table describes the levels in more detail. 


Level 

Description 

Full Access Administrators 

■ Same rights as Administrators (below), plus: 

■ Manager access to all databases, 
regardless of ACL 

■ All programmability rights 

■ All passthru rights 

■ Issue operating system-level commands 

■ Overrides the Deny Access list 

■ Similar to root level access on UNIX 

Administrators 

Common Administrator tasks, for example: 

■ Can issue any remote console command. 

■ Perform database maintenance tasks. 

■ Use message tracking and track subjects. 

Database Administrators 

Perform database maintenance tasks: 

■ Set administration server in database ACLs. 

■ Create, compact, and delete database 
replicas and master templates. 

■ Maintain full-text indexes. 

■ Maintain directories and links. 

■ Maintain options, such as database quotas. 

Full Remote Console Administrators 

Can issue any remote console command. 

View-Only Administrators 

■ Can use a safe subset of commands: 

(SHOW SERVER, SHOW TASKS). 

■ Cannot affect server operation. 

System Administrators 

Can issue operating system commands. 

Restricted System Administrators 

Can issue restricted subset of operating system 
commands defined in the Server document. 

Administer the server from a 
browser (Web) 

For pre-Domino 6 servers only: 

■ Permits using the Web Administrator client 
(WebAdmin.nsf) to administer the server. 

■ Uses database ACL to define Web 
administration roles. 

■ Honors new administrator access fields. 


Full Access Administrator recommendations 


This level is required only for system maintenance and troubleshooting tasks 
where all other administrators cannot gain access to the server. This access level 
should only be given to trustworthy people who truly need access to all databases 
on the server. 


Given the powerful level of access that this setting allows, recommendations for 
this field are listed in the following table. 


Recommendation 

Description 

Leave the field blank. 

No administrator has Full Access rights. 

Create a special Full Access 
Administrator ID file. 

For example, create an ID for Full Admin/Sales/WWCorp and use that name in the 
Full Access Administrator field. 

Administrators must login with or switch to this 
user ID to gain this level of access. 

Disable Full Access Administrators 
in the Notes.ini file. 

Set SECURE_DISABLE_FULLADMIN=1. This 
causes the server to ignore any values in the 
Full Access Administrator field in the Server 
document. 

When access is required, remove the line from 
the file and restart the server. 


Note: An administrator who is configured to be Full Access Administrator must 
activate Full Access Administrator mode by choosing Administration->Full 
Access Administration. 


Administration levels and the Web Administrator 


The HTTP server task routinely synchronizes the names listed in the 
Full Access Administrators or Administrators fields of the Web Server 
document with those listed on the Web Administration database (Webadmin.nsf) 
ACL. 

To give an additional administrator access to the Web Administrator, add the 
name in one of those fields. Names that are not already on the ACL list are added 
with Manager access and all roles. If the HTTP server detects a name that is 
already in the ACL, it does not update the access rights. 

Setting Administration Access Exercise 


In this exercise, you will restrict administration access so that some other students 
have View-only administration access to your server. 



Set administration access 


Use these steps to configure this access and answer the questions on the next 
page. 


1. On your Server document's Security tab, remove LocalDomainAdmins from 
the Administrators field. Then modify the administration levels to allow the 
access described in the following table. 


Users or Groups 

Administrator Access Level 

All admins in your OU 

For example: 

■ If you are in the East OU, enter 
*/East/WWCorp 

■ If you are in the West OU, enter 

*/West/WWCorp 

Administrators field 

All admins in the other OU 

For example: 

■ If you are in the East OU, enter 
*/West/WWCorp 

■ If you are in the West OU, enter 

*/East/WWCorp 

View-only Administrators field 


2. Once everyone has updated their access, from your Domino Administrator 
client, restart your server before testing. 

3. Select a server in the other OU and try to compact that server’s replica of 
the file named Busytime.nsf using both of the following two methods: 

■ The Server tab->Server console view. Enter the following command: 

Load Compact Busytime.nsf 

■ The Files tab by choosing Tools pane->Database->Compact. 



Record administration access results 


Answer the following questions as you work through the exercise. 


■ Was the Domino Administrator interface different when you changed servers? 


■ For the server in the other OU, what tasks could you perform? 


■ Were the results expected, based on the access settings? 

Recording Server Activity in the Log File 


Domino adds information about server activity to a special database, the Domino 
Server Log (Log.nsf). Individual documents in the log file contain a history of 
server startups and activity. 


What does the Domino Server Log contain? 


Domino automatically creates the Domino Server Log file, Log.nsf, when the 
server starts. The Domino Server Log contains information about server activity, 
such as: 

■ Mail routing events 

■ Replication events 

■ Server phone calls 

■ Session information 

■ Miscellaneous events 

■ Database usage 

■ User activity (if configured) 


Recorded level of detail 


Administrators can specify the level of detail to record in the Domino Server Log in 
the Domino server configuration file, Notes.ini. At server startup, Domino uses the 
ASCII text configuration file, Notes.ini, to determine the Domino server 
environment. The installation and server setup programs populate the Notes.ini 
file based on the options selected during installation and server setup. 



Set logging levels 


Set the appropriate Notes.ini variables for logging by creating or editing a 
Configuration Settings document. Follow these steps to set logging levels. 


1. From Domino Administrator, select the server to administer. 

2. Select the Configuration tab->Server section->All Server Documents view. 

3. Select your server and click Edit Server. 

4. Verify that the Group or Server name field contains your assigned server name. 

5. Select the NOTES.INI Settings tab. 

6. Click Set/Modify Parameters. The following dialog box appears: 

7. For the Item field, click [icon] to select the LOG_MAILROUTING variable, and 
click OK. 

8. Read the Help information on this dialog box to learn what details are added 
for each increase in logging level. 

9. Enter an appropriate value and click Add. 

10. Repeat Steps 7 through 9 to set each of the following logging variables: 

■ Log_Replication 

■ Log_Sessions 

■ Log_Tasks 

■ Log_View_Events 

11. Click OK when finished setting variables. 

12. Click Save & Close on the Configuration Settings document. 
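
An added example, not part of the course material: a Python check that reads a server's Notes.ini text and reports which of the logging variables set in the steps above are missing, conflicting, non-numeric or below a site baseline. The sample file contents and the baseline values are constructed assumptions, not values recommended by the course.

```python
# Logging variables named in the "Set logging levels" procedure.
LOGGING_VARS = [
    "LOG_MAILROUTING",
    "Log_Replication",
    "Log_Sessions",
    "Log_Tasks",
    "Log_View_Events",
]

# Assumption: minimum values a site has chosen for its own servers.
BASELINE = {
    "LOG_MAILROUTING": 20,
    "Log_Replication": 1,
    "Log_Sessions": 1,
    "Log_Tasks": 0,
    "Log_View_Events": 0,
}

# Constructed sample of a server Notes.ini (not taken from a real server).
SAMPLE_NOTES_INI = """\
[Notes]
Directory=C:\\Lotus\\Domino\\Data
ServerTasks=Update,Replica,Router,AMgr,AdminP
LOG_MAILROUTING=20
Log_Replication=0
log_sessions=1
Log_Sessions=0
Log_Tasks=yes
"""


def parse_notes_ini(text):
    """Return {lowercased name: [values, ...]} for every Name=Value line.

    Names are compared case-insensitively, and every occurrence is kept so
    that a variable set twice with different values can be reported.
    """
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        name, value = line.split("=", 1)
        settings.setdefault(name.strip().lower(), []).append(value.strip())
    return settings


def audit_logging(text, baseline=BASELINE):
    """Return a list of (variable, problem, observed) tuples."""
    settings = parse_notes_ini(text)
    findings = []
    for var in LOGGING_VARS:
        values = settings.get(var.lower(), [])
        if not values:
            findings.append((var, "missing", None))
        elif len(set(values)) > 1:
            # Set more than once with different values: report, do not guess.
            findings.append((var, "conflicting", values))
        elif not values[0].isdigit():
            findings.append((var, "not-numeric", values[0]))
        elif int(values[0]) < baseline[var]:
            findings.append((var, "below-baseline", int(values[0])))
    return findings


if __name__ == "__main__":
    for var, problem, observed in audit_logging(SAMPLE_NOTES_INI):
        print(f"{var}: {problem} ({observed!r})")
```
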
Deployment Tasks Implemented 


This lesson implemented tasks that facilitate administration and control server 
access. 



Checklist: Building the Domino environment 


The bolded tasks in the Implementation Checklist were completed in Lesson 5. 



Task  Procedure 

□ 1  Set up the first server. 
□ 2  Add an administrator’s workstation. 
□ 3  Set up access to the Domino Directory. 
□ 4  Add Domino servers. 
□ 5  Add Organizational Units. 
□ 6  Register administrators. 
□ 7  Add Notes clients. 
□ 8  Create user groups. 
□ 9  Create organizational policy. 
□ 10  Register users. 
□ 11  Set administration preferences. 
□ 12  Set up access to servers. 
□ 13  Set up server logging. 
□ 14  Synchronize Domino system databases throughout the domain. 
□ 15  Route mail internally. 
□ 16  Route mail to the Internet. 
□ 17  Set mail controls. 
□ 18  Test mail routing and delivery. 


Administering IBM Lotus Domino 6: Building the Infrastructure 

Lesson 6 ■ Synchronizing Domino System Databases 


The Domino Directory is the central database in the Domino domain, and exists 
on every server in the domain. When administrators add servers and users to the 
Domino environment, those servers and users must appear in the Domino 
Directory on every server. A process called Replication keeps the Domino 
Directory synchronized on all servers in the domain. 

In addition to the Domino Directory, there are other databases that Domino uses 
to function properly, such as the Certification Log, that need to be synchronized on 
all servers in the domain. Other Domino applications used by the organization, 
such as workflow, tracking, and discussion databases, also need replication. 

Worldwide Corporation has planned a replication strategy to keep Domino system 
databases synchronized across all servers in the domain. 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Create a group for server replication. 

✓ Set up the replication schedule to synchronize Domino system databases in 
the domain. 
Synchronizing Domino Databases 

Replicas of a database can reside on different servers, enabling users to 
collaborate without having to use the same server. Replication synchronizes the 
changes made on these replicas, so that each replica has the required 
documents. 

Controlling replication 


Replication is the controlled synchronization between database replicas. The 
following types of controls enable an administrator to fine-tune the 
synchronization, which may include documents, design, and security changes. 


Control: Purpose 

Replication type: Replication type defines which servers do the work of 
replication. 

Database priority: The Replication Settings dialog box contains a setting to 
indicate whether a database is high, medium, or low priority. 

Connection documents: Connection documents can: 

■ Control replication type. 

■ Schedule replication timing. 

■ Control which databases replicate by: 

    ■ Listing specific databases and/or subdirectories. 

    ■ Specifying that databases of a certain priority will replicate. 

Selective replication: Selective replication defines which documents replicate. 

Server access: Fields in the Server document control access to the server. 

Access Control List: Each replica’s ACL controls which servers can make 
changes to the replica. 

Element access: Controls can be placed on documents and design elements to 
prevent certain servers from replicating specific elements. 
Considerations for the Best Replication Topology 


Worldwide will consider several factors in determining a replication topology. 
Some of the factors require consideration of location, network topology, and 
system resources. 


Using multiple replication hubs 


For domains with multiple servers, especially those separated by distance or 
network topology, multiple replication hubs can be beneficial. For example, 
Worldwide could create Connection documents so that: 

■ All servers in the East region replicate to East06. 

■ All servers in the West region replicate to West06. 

■ East06 and West06 replicate with Hub. 


Replication timing with multiple hubs 


Timing replication is even more important with multiple hubs. Four replications are 
required to replicate a document created on a spoke to a spoke in the other 
region. For example, with multiple hubs, changes made on East03 would require 
the following replications before the changes reach West03: 

1. East03 replicates with East06 (the regional hub for the eastern region). 

2. East06 replicates with Hub. 

3. Hub replicates with West06 (the regional hub for the western region). 

4. West06 replicates with West03. 
Considerations for the Best Replication Topology (continued) 


A look at the multiple-hub scenario 


The following diagram represents a possible scenario for Worldwide Corporation. 
The regional hubs replicate with the Hub at headquarters. Then the regional Hubs 
replicate with servers in their region. 

[Diagram: the Corporate Hub at Headquarters, with the West and East regions.] 

Classroom Scenario 

Worldwide Corporation may consider using regional replication hubs. 
However, in the classroom, each server will replicate directly with the 
hub server for the following reasons: 

■ More hands-on experience 

■ Simpler schedule management 
Considerations for the Best Replication Topology (continued) 


Replication types 


Domino supports the following four types of replication: 

■ Pull Pull 

■ Pull Push 

■ Pull only 

■ Push only 


Connection documents determine the replication type. If changes need to be 
distributed before the next scheduled replication, an administrator can force 
replication between two servers using one of the following: 

■ Console commands. 

■ Console commands and a text file listing servers and databases to replicate. 

■ The Domino Administrator client, by selecting the Server tab->Server tasks 
view->Tools pane, and choosing Server->Replicate. This displays a dialog 
box with selections of: 

    ■ Servers with which to replicate 

    ■ Databases to replicate (or all databases in common) 

    ■ Replication type 

■ The Notes client or Domino Administrator client, by selecting the database to 
replicate and choosing File->Replication->Replicate, and selecting the 
server with which to replicate. 


Pull Push replication 


The default replication type is Pull Push, which performs bidirectional replication 
and requires only one Connection document between the source and destination 
servers. 

Using the Pull Push replication type, the initiating server’s Replicator pulls 
changes from the called server and then pushes changes to the called server. The 
initiating server’s Replicator does all the work, writing in both servers. 

For information on the other replication types, refer to the Domino Administrator 6 
Help. 
Considerations for the Best Replication Topology (continued) 


The advantage of streaming replication 


Streaming replication allows the replicator task to send multiple changes in one 
request and replicate smaller documents first. This is preferable because: 

■ It is faster than non-streaming replication. 

■ It allows users to use documents replicated first, while replication continues. 


How and when to use streaming replication 


Streaming replication requires no additional configuration, but is only used when 
the replication type is Pull Pull or Pull only. The work of pulling changes from 
another server requires sufficient resources. Therefore, spoke servers must have 
the capacity to handle half of the load of Pull Pull replication. 

■ In Pull Push topology, the Hub server does all the work. 

■ In Pull Pull topology, the Hub server and the spoke servers handle the load 
equally. 


Classroom Scenario 

Worldwide Corporation will use Pull Push replication between the Hub 
and the regions. They would have preferred to use Pull Pull replication 
to take advantage of streaming replication, but have determined that the 
current spoke servers are operating at their maximum capacity, and 
should not have additional demands. 
Creating a Group for Server Replication 

The most efficient method of scheduling replication is to use server groups as the 
destination points for replication. 


Use server groups for replication 


As seen previously, using groups for server access and database access 
facilitates administration. Administrators can also use groups to schedule 
replication from one server to a group of servers. Using a group for server 
replication facilitates administration by: 

■ Reducing the number of Connection documents required to replicate with 
multiple servers 

■ Simplifying the process of including a new server in the replication 
topology 


Server group example 


The following diagram illustrates the benefit of using a server group for replication. 
Creating a Group for Server Replication (continued) 

Creating the groups for replication 

The classroom implementation calls for two server groups for replication: 

■ One group for the servers in the eastern region, created by the instructor. 

■ One group for the servers in the western region, also created by the instructor. 


Follow these steps to create the assigned groups. 


1. From Domino Administrator, select your assigned server to administer. 

2. Select the People & Groups tab->Domino Directories 
section->WWCorp’s Directory section->Groups view. 

3. Click Add Group. 

4. Enter the appropriate group name. 

5. Select the Servers only Group type. 

Note: This is the only group type that will work to replicate with a group of 
servers using a Connection document. 

6. Enter a description of the group’s purpose. 

7. Enter (or select) the appropriate server names for members of the group. 

8. Click Save & Close. 



Classroom Scenario 

Worldwide Corporation may consider using server groups in all 
Connection documents. In the classroom, each student will create a 
unique Connection document to replicate directly with the hub server. 
Scheduling Replication 

An administrator uses Connection documents to schedule replication between 
servers. 


Review of the classroom replication topology 


The following items define Worldwide’s implementation of replication. 


Item: Deployment Plan 

Establish a replication topology: Hub-and-spoke topology 

Which server will initiate the call? Hub 

Which server will receive the call? Spoke 

On which port will this session happen? TCPIP 

Which database(s) will be replicated? 

■ Domino Directory (Names.nsf) 

■ All other databases in common 

What priority of databases will be replicated? All priorities 

What replication types would be best? Pull Push 

At what times will replication occur? 

■ Domino Directory, every two hours 

■ All other databases, every six hours 

Is there a time limit for replication? No 


Scheduling critical applications 


Most companies should schedule the Domino Directory (Names.nsf) to replicate 
regularly throughout the day. Then, schedule all other databases to replicate at a 
less frequent time interval. Keep in mind that databases will only replicate if there 
are changes to distribute. 

For applications that are critical to the success of the business, consider one of 
the following options: 

■ Specify a replication priority of high for critical applications, then create a 
Connection document specifying high priority databases with a short interval. 

■ Place critical applications in a separate subdirectory under the Domino\data 
directory, then create a Connection document specifying this subdirectory to 
replicate at a short interval. 
Scheduling Replication (continued) 


Tip: Replicate based on change 

■ Set up a Connection document to replicate all databases under the Domino\data 
directory at a regular interval. 

■ This connection will not consume any additional system resources, as databases only 
replicate if there are changes to distribute. 


Replication schedule criteria 


Worldwide Corporation’s replication schedule requires the following: 

■ All databases under the Domino\data directory replicate every six hours to all 
servers. 

■ The Domino Directory (Names.nsf) replicates every two hours to all servers. 

■ The replication type is Pull Push. 



Creating a Connection document 


Follow these steps to create Connection documents to schedule replication. 


1. From Domino Administrator, select the server to administer. 

2. Select the Configuration tab->Replication section->Connections view. 

3. Click Add Connection. This image shows a completed Connection document: 

[Image: Connection document "Server Connection : Hub/WWCorp", 
Replication/Routing tab. Replication task: Enabled. Routing task: -None-. 
Replicate databases of: Low & Medium & High priority. Replication Type: 
Pull Push. Files/Directory Paths to Replicate: Names.nsf (all if none 
specified). Files/Directory Paths to NOT Replicate: blank. Replication Time 
Limit: blank. Use AutoDialer to connect remote server to network: Disabled. 
AutoDialer connection name: blank.] 
4. On the Basics tab, select a Connection type. 

5. Enter values or verify that the Source server and Source Domain fields are 
correct. 

6. Enter the Destination server or server group, and Destination domain. 

7. Click Choose ports, select the ports to use for this connection, and click OK. 

8. On the Replication/Routing tab, enter information in the appropriate fields 
according to the following descriptions. 

Field: Description 

■ Replication Task: Set to Enabled. 

■ Replicate databases of priority: The priority of the databases to be 
replicated for this schedule. 

■ Replication Type: The type of replication to be used for this schedule. The 
default is Pull Push. 

■ Files/Directories to Replicate: The specific databases or directories 
containing databases to replicate. A blank field results in all databases in 
common in the Domino\data directory structure replicating for this schedule. 

■ Replication Time Limit: If this field has a value in it and the replication is 
not complete at the end of the specified time, or if the server crashes, then 
replication will begin where it left off once scheduled replication restarts. 

9. On the Schedule tab, enter the information in the appropriate fields according 
to the following descriptions. 

Field: Description 

■ Schedule: Set to Enabled. 

■ Connect at times: Specifies either one discrete time, a list of times (each 
separated by a comma), or a time range. 

■ Repeat interval of: Specifies the frequency of calls over the time range. 

■ Days of week: Specifies the days of the week that the schedule should run. 

10. Click Save & Close. 
Replicating Selected Databases Exercise 


In this exercise you will establish a more frequent replication schedule for the 
Domino Directory. 



Create a Connection document for the Domino Directory 


Create a Pull Push Connection document on your server using the following 
information. 


Source Server: Hub/SVR/WWCorp 

Destination Server: Your server 

Databases to Replicate: Names.nsf 

Repeat Interval: 120 minutes 
Monitoring the Replication Schedule Exercise 


The following changes have been made to the Domino Directory: 

■ Two new server groups: East Mail Servers and West Mail Servers 

■ New Connection documents: 

■ Hub->East Mail Servers; all databases in common 

■ Hub->West Mail Servers; all databases in common 

■ Hub-><each server>; Names.nsf 

Each student made changes to the Domino Directory on different servers. 
Therefore, all documents do not appear in the Domino Directory on all servers in 
the domain. 



Replicate the Connection documents 


Since all servers in the domain should synchronize the Domino Directory, all 
administrators should force replication of the Domino Directory with Hub/SVR/ 
World to distribute the Connection documents. 


Note: Once the Connection documents appear in every Domino Directory, the 
replication schedule is in place. Domino will replicate based on the schedule 
information in the Connection documents. 



Use the Replication Tools 


In Domino Administrator, perform the following: 


■ Ensure that the Maps extractor task is running and view the Replication 
Topology maps by using the Server tab->Status tab->Server Tasks view. 

■ Graphically display the replication schedule by using the Replication tab-> 
Replication Maps->By Connections view. 

■ Confirm which replication events have occurred by using the Replication 
tab-> Replication Events view. 
Deployment Tasks Implemented 


The tasks implemented in this lesson ensure that replicas on all servers have the 
same information. 



Checklist: Building the Domino environment 


The bolded task from the Implementation Checklist was completed in Lesson 6. 



Task  Procedure 

□ 1  Set up the first server. 
□ 2  Add an administrator’s workstation. 
□ 3  Set up access to the Domino Directory. 
□ 4  Add Domino servers. 
□ 5  Add Organizational Units. 
□ 6  Register administrators. 
□ 7  Add Notes clients. 
□ 8  Create user groups. 
□ 9  Create organizational policy. 
□ 10  Register users. 
□ 11  Set administration preferences. 
□ 12  Set up access to servers. 
□ 13  Set up server logging. 
□ 14  Synchronize Domino system databases throughout the domain. 
□ 15  Route mail internally. 
□ 16  Route mail to the Internet. 
□ 17  Set mail controls. 
□ 18  Test mail routing and delivery. 
Setting Up Intranet Mail Routing 


IBM Lotus Domino 6 supports two mail routing protocols: 

■ The Internet standard, SMTP (Simple Message Transfer Protocol) 

■ Domino’s native routing protocol, NRPC (Notes Remote Procedure Calls) 

It is possible to use a combination of SMTP and NRPC within a corporation. For 
example, Worldwide Corporation will route mail within the company intranet using 
Domino’s native routing protocol, NRPC, and route mail to the Internet using the 
SMTP protocol. 

This lesson discusses how to configure Domino servers to route mail within the 
company intranet. 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Configure intranet Domino mail routing. 

✓ Establish a mail routing schedule. 

✓ Select a mail storage format. 
Worldwide’s Intranet Mail Routing Architecture 


Classroom Scenario 


Worldwide Corporation’s Intranet Mail Routing Architecture includes: 

■ Hub-and-spoke topology - for mail routing as well as replication. 

■ Notes Remote Procedure Calls (NRPC) - takes advantage of 
Domino features such as: 

■ Sending document and database links via e-mail 

■ Notes public key security 

■ Mail-enabled workflow applications 

■ The following Domino Named Networks (DNNs) to control when 
mail routes and to reduce network traffic between regions: 

■ WWCorpHQ 

■ WWCorpEast 

■ WWCorpWest 


Classroom intranet (DNN) implementation 


The Hub server will route mail between the DNNs and is in a separate DNN. The 
servers in East and West will be in separate DNNs to enable scheduling of mail 
routing between regions. 


[Diagram legend: NRPC Mail Routing Between DNNs; NRPC Mail Routing Within 
DNNs. Servers shown: West01, West02, West03, West04, West05, West06.] 
How to Configure Intranet Mail Routing 


An administrator has many controls over Domino mail routing. These are covered 
in Module C: Setting Up the Messaging Infrastructure and Module D: 
Troubleshooting the Messaging Infrastructure. 



Checklist: Configuring intranet mail routing 


Complete these tasks to configure intranet mail routing. 



Task  Procedure 

□ 1  Set up Domino Named Networks for mail routing. 
□ 2  Schedule mail routing between DNNs. 
□ 3  Select a mail storage format. 
□ 4  Allow users access to run mail agents. 
□ 5  Set mail flow restrictions. 
□ 6  Set mail transfer controls. 
□ 7  Set mail rules. 
□ 8  Configure additional server mailboxes. 
□ 9  Test and troubleshoot intranet mail routing. 
□ 10  Enable message tracking. 
□ 11  Test mail delivery to a user’s mail file. 


Note: Tasks 5 through 8 are covered in Lesson 9: Establishing Mail Controls. 
Tasks 9 through 11 are covered in Module D: Troubleshooting the Messaging 
Infrastructure. 
Defining Key Mail Routing Components Exercise 


In this exercise, you will provide either the missing term or the missing definition. 



Define mail routing components 


Fill in the missing information in the following table either by providing a definition 
or by selecting the most appropriate term for the given definition. 


Term: Mail file 
Definition: __________ 

Term: Mail server 
Definition: __________ 

Term: __________ 
Definition: Resides on the workstation and performs these tasks: 

■ Verifies the existence and spelling of the name(s) if the recipient is 
listed in the Domino Directory. 

■ Converts the message to Multipurpose Internet Mail Extensions 
(MIME), if necessary. 

■ Deposits the message in Mail.box on the sender’s mail server. 

Term: __________ 
Definition: The Domino database that stores information about the sender’s (and 
possibly recipient’s) mail server, mail file system, mail file name, mail 
address, and connections to other servers for transfer and delivery. 

Term: Mail.box 
Definition: __________ 

Term: __________ 
Definition: A server-based task that delivers and transfers mail. It checks the 
Domino Directory for connections to other servers and deposits mail in 
users’ mail files and other servers’ Mail.box. 
Determining Current DNNs 

Servers in the same DNN route mail automatically. An administrator can separate 
servers into different DNNs and use Connection documents to establish a mail 
routing schedule. 



Determine current DNNs 


Follow these steps to explore the current DNN for your server. 

Note: DNNs are also referred to as Notes Named Networks in Domino 
Administrator 6 Help and the Server document. 


1. Click the Domain servers icon to display the Server pane for the 
WWCorp domain. 

2. Select the Networks section to see a list of DNNs in the domain. 

3. View each section under Networks to determine the network to which your 
server belongs, and write the network name: 

4. To see where the DNN is defined, perform these steps: 

■ Select your server. 

■ Select the Configuration tab->Server view->All Server documents view. 

■ Select your Server document and click Edit Server. 

■ Select the Ports tab->Notes Network Ports tab as shown below: 

[Image: Notes Network Ports tab, beside the Internet Ports and Proxies tabs. 
Row 1: TCPIP, TCP, TCPIP Network, hub.wwcorp.com, ENABLED. 
Row 2: NetBIOS, Hub Network, Hub, ENABLED.] 

5. Verify that the Notes Network name is the same as seen in Step 3. 

6. Disable all ports other than TCPIP Network. 

7. Click Save & Close. 


Note: Domino installation detects a machine’s network protocols and enables a 
port for each. It is important to check the Notes Network Ports tab after 
installation, and disable unneeded ports. 
Setting Up Domino Named Networks 


DNNs that have the same protocol can route mail to each other based on 
Connection documents. Worldwide Corporation has decided to create a separate 
DNN for each region. 



Create DNNs for regions 


Follow these steps to edit the Server document and change the default DNN for 
classroom servers. 


1. From Domino Administrator, select your server. 

2. Select the Configuration tab->Server view->All Server documents 
view->Current server document->Ports tab->Notes Network Ports tab. 

3. Select your Server document and click Edit Server. 

4. To change the DNN, perform these steps: 

a. In the TCPIP port row, enter WWCorpEast or WWCorpWest in the Notes 
Network field. 

b. Verify that the TCPIP port is Enabled. 

c. Accept the default for all other fields. 

5. Click Save & Close. 

6. Replicate the Domino Directory to update on all servers. 

Note: Instructor will perform replication for all servers. 


Tip: If you have multiple protocols, it is good practice to choose a DNN name that 
describes the protocol or location of the servers, for example, TCPIP East or 
WWCorpWestNet. 


Lesson 7 ■ Setting Up Intranet Mail Routing 

Setting Up Domino Named Networks (continued) 


Update configuration 


Follow these steps to update routing and SMTP configurations. 


1. Action: Select the Server tab->Status tab->Server Console view. 
Result: The server console appears. 

2. Action: Click Live. 
Result: The server console becomes active. 

3. Action: Enter tell router update config and click Send. 
Result: 

■ Checks Domino Directory for changes and updates configuration. 

■ Reloads routing tables. 

■ Renumbers mailboxes. 

4. Action: Enter tell smtp update config and click Send. 
Result: Checks Domino Directory for changes and updates configuration. 
Testing DNNs Exercise 

To send mail to Notes users within the domain, users need only enter a recipient’s 
name in one of the mail address fields. If users are in: 

■ The same DNN, mail routes automatically. 

■ A different DNN, mail routes based on Connection documents. 

Note: The difference is transparent to users, except for a possible time delay for 
mail transfer to another DNN. 


How do Notes users address mail within the same domain? 


The sender can enter any of the following recipient names when addressing a 
message to a user in the same domain: 

■ Common name 

■ Hierarchical name 

■ Short name 

■ Internet address 



Send messages to users 


1. Send a message to a student in your DNN. 
■ Did the user receive the message? 
Why or why not? 


2. Send a message to Doctor Notes. 

■ Did Doctor Notes receive the message? 
Why or why not? 
Routing Mail Between DNNs 


Mail routes automatically within each DNN. When using multiple DNNs, 
Connection documents are required to enable mail routing between DNNs. 

Configure Connection documents in the Domino Directory to set up 
communication between servers in other Domino Named Networks. The 
Connection documents include specific connection information, such as message 
threshold, and delivery schedule requirements. 


Hub-and-spoke mail routing topology 


Worldwide Corporation is using a hub-and-spoke topology because hub-and- 
spoke is the most efficient way to distribute changes to databases. 

Similarly, scheduling mail routing in a hub-and-spoke topology is the most efficient 
way to route mail between DNNs. 

The following diagram shows how Domino would route mail between Worldwide 
Corporation’s regions using a hub-and-spoke topology where each region is 
defined as a separate DNN. 


[Diagram: hub-and-spoke mail routing between regions. Labels shown: DNN: 
WWCorpEast (East01; Juan’s mail server East04), DNN: WWCorpHQ, DNN: 
WWCorpWest (West01; Mary’s mail server West06). Legend: Connection document 
for mail routing; Automatic mail routing within the DNN.] 
Using Connection Documents 


By default, both the mail routing and replication tasks are enabled in a single, new 
Connection document. When servers connect to replicate based on the schedule, 
Domino routes any pending mail. This is called opportunistic routing. 

The replication schedule may be sufficiently frequent to replicate databases. 
However, it may not be sufficiently frequent to transfer mail between DNNs. 

Tip: To optimize server connections, use opportunistic routing and create 
separate Connection documents with a shorter repeat interval for mail routing. 


Connection document mail routing options 


The following table describes some of the fields on the Replication/Routing tab in 
the Connection document that determine how and when mail routes. 


Field: Description 

Routing task: The task(s) for this connection, such as Mail routing. 

Route at once if X messages pending: Routes Normal priority mail immediately, 
based on the number of pending messages. 

Router type: The type of routing for this connection. Options are: 

■ Push Only (Default) - Only sends mail to the other server. 

■ Pull Only - Only receives mail from the other server. 

■ Push Wait - Waits for the other server to call before sending. 
The server that does the requesting selects Pull Only or Pull 
Push. 

■ Pull Push - Sends mail to the other server, then waits for the 
other server to send mail back. 
Using Connection Documents (continued) 


All Router types require two Connection documents 


When two servers route mail to each other, each server needs to have a 
Connection document to allow for two-way communication. Two Connection 
documents are required, one for each server. 

Another form of opportunistic routing is to select Pull Push for one server and 
Push Wait for the other. 

Pull Push and Pull Only are used for both Notes mail and SMTP mail. 


Worldwide’s Connection documents 



Classroom Scenario 


■ Worldwide is using the Push Only Router type for Connection 
documents so that routing intervals and times between regional 
servers can be controlled separately. 

■ The schedule for East DNN servers will be set six hours ahead of 
the schedule for West DNN servers, to accommodate the time 
difference. 

■ Because Worldwide is using Push Only, the following two Connection 
documents are needed for each DNN: 

■ One to push mail from the hub to a server in the DNN 

■ One to push mail from the server in the DNN to the hub 
Scheduling Mail Routing


Worldwide now needs to establish routes between DNNs. The hub will act as 
intermediary between regions. Use Connection documents to route mail to and 
from the Hub server, since not all servers in the domain are in the same Domino 
Named Network. 



Implement the hub-and-spoke mail routing topology 


The instructor will select two administrator teams from each region to create two 
Connection documents to route mail to and from the Hub. The four teams should 
follow these steps to implement the mail routing topology. 


Step  Action

1     From Domino Administrator, select your server.

2     Select the Configuration tab -> Messaging section -> Connections view.

3     Click Add Connection.

4     Accept the default Local Area Network for the Connection type.

5     Team 1: In the Source server field, enter East01/SVR/WWCorp.
      Team 2: In the Source server field, enter Hub/SVR/WWCorp.
      Team 3: In the Source server field, enter West01/SVR/WWCorp.
      Team 4: In the Source server field, enter Hub/SVR/WWCorp.

6     Team 1: In the Destination server field, enter Hub/SVR/WWCorp.
      Team 2: In the Destination server field, enter East01/SVR/WWCorp.
      Team 3: In the Destination server field, enter Hub/SVR/WWCorp.
      Team 4: In the Destination server field, enter West01/SVR/WWCorp.

7     In the Source domain and Destination domain fields, enter WWCorp.

8     Click Choose Ports to select the TCPIP port to use for this connection, and
      click OK.



9     On the Replication/Routing tab, use pop-up field Help to view field
      descriptions, then make the following selections:

      ■ Disable the Replication task.
      ■ In the Routing task field, select Mail Routing.
      ■ In the To route at once if 5 messages are pending field, enter 1.
      ■ Accept the default Routing cost, 1.
      ■ Select the default Router type: Push Only

10    On the Schedule tab, use pop-up field Help to view field descriptions, then
      make the following selections:

      ■ In the Schedule field, select the default: Enabled.
      ■ Teams 1 and 2: Change Connect at times to: 12:00 AM - 11:59 PM
      ■ Teams 3 and 4: Change Connect at times to: 6:00 AM - 11:59 PM
      ■ Change the repeat interval to 5 minutes.
      ■ Accept the default Days of week.

11    Click Save & Close.
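
The following Python sketch is an added example, not part of the original course material. It models Connection documents and checks the two rules stated above: each pair of servers needs a document in each direction, and a Push Wait document needs a Pull Only or Pull Push document on the other side. The ConnectionDoc class, the function names and the reachability check over Push Only documents are assumptions of this example; server names follow the classroom scenario.

```python
from collections import deque
from dataclasses import dataclass

# Router types that make the *other* server's Push Wait document useful.
PULL_TYPES = {"Pull Only", "Pull Push"}


@dataclass(frozen=True)
class ConnectionDoc:
    """Hypothetical, minimal stand-in for a Connection document."""
    source: str
    destination: str
    router_type: str = "Push Only"


def audit_pairs(docs):
    """Report missing reverse documents and unpaired Push Wait documents."""
    by_direction = {(d.source, d.destination): d for d in docs}
    findings = set()
    for d in docs:
        reverse = by_direction.get((d.destination, d.source))
        if reverse is None:
            findings.add(
                f"no Connection document from {d.destination} to {d.source}")
        elif d.router_type == "Push Wait" and reverse.router_type not in PULL_TYPES:
            findings.append if False else findings.add(
                f"{d.source} uses Push Wait but {d.destination} "
                "is not Pull Only or Pull Push")
    return sorted(findings)


def unreachable(docs):
    """List (sender, recipient) server pairs with no Push Only path between them.

    Simplification of this example: only Push Only documents are treated as
    routes, because the table above defines Push Only as a one-way send.
    """
    graph = {}
    for d in docs:
        graph.setdefault(d.source, set())
        graph.setdefault(d.destination, set())
        if d.router_type == "Push Only":
            graph[d.source].add(d.destination)
    missing = []
    for start in sorted(graph):
        seen = {start}
        queue = deque([start])
        while queue:
            for nxt in graph[queue.popleft()]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(nxt)
        missing += [(start, other) for other in sorted(graph) if other not in seen]
    return missing


# Constructed sample data: the classroom topology with one document forgotten.
HUB = "Hub/SVR/WWCorp"
EAST = "East01/SVR/WWCorp"
WEST = "West01/SVR/WWCorp"
INCOMPLETE = [
    ConnectionDoc(EAST, HUB),
    ConnectionDoc(HUB, EAST),
    ConnectionDoc(WEST, HUB),   # Team 3's document; Team 4's is missing
]
COMPLETE = INCOMPLETE + [ConnectionDoc(HUB, WEST)]

if __name__ == "__main__":
    for finding in audit_pairs(INCOMPLETE):
        print("finding:", finding)
    for sender, recipient in unreachable(INCOMPLETE):
        print(f"no route: {sender} -> {recipient}")
```

With the constructed INCOMPLETE set, mail from the West server still reaches the hub and the East server, but nothing can be pushed back to the West server until the fourth document exists.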
Testing Connection Documents
Exercise 


In this exercise, you will verify that the Connection documents enable routing 
through the hub to the other DNN. 



Send messages to users 


1. Send a message to a student outside of your DNN.
   ■ Did the user receive the message? Why or why not?

2. Send a message to Doctor Notes.
   ■ Did Doctor Notes receive the message? Why or why not?
Selecting a Mail Storage Format


The server stores messages in the user’s mail file on the mail server in either of 
the following mail formats: 

■ MIME (messages sent over SMTP are always sent in MIME format) 

■ Notes Rich Text 

Domino converts messages between formats as needed based on the protocol 
and the settings selected by administrators for incoming and outgoing messages. 
Users can specify the outgoing mail format. 


Worldwide’s mail storage format 


Classroom Scenario

Worldwide is allowing messages to stay in their existing format to
minimize the work of conversion between MIME and Notes Rich Text
format.




Select a mail storage format for incoming mail 


Follow these steps to select the mail storage format for a user. 


Step  Action

1     From Domino Administrator, select your server.

2     Select the People & Groups tab -> Domino Directories section ->
      WWCorp’s Directory section -> People view.

3     Select your Person document, and click Edit Person.

4     On the Basics tab:

      ■ Use the pop-up Help to view field definitions.

5     In the Mail section:

      ■ In the Format preference for incoming mail field, select Keep in senders’
        format.

6     Click Save & Close.


Select a mail format for outgoing mail 


The user’s Location document (Mail tab) specifies the format to use for mail sent 
to Internet addresses: MIME or Notes Rich Text. A user can select this option, or 
an administrator can specify the outgoing mail format in a Setup Policy document. 
Deployment Tasks Implemented


In this lesson, we completed the following steps in the Intranet Mail Routing 
checklist: 

■ Set up Domino Named Networks for mail routing. 

■ Schedule mail routing between DNNs. 

■ Select a mail storage format. 

■ Allow users access to run mail agents. 



Checklist: Building the Domino environment 


The bolded task from the Implementation Checklist was completed in Lesson 7. 



   Task  Procedure

□  1     Set up the first server.
□  2     Add an administrator’s workstation.
□  3     Set up access to the Domino Directory.
□  4     Add Domino servers.
□  5     Add Organizational Units.
□  6     Register administrators.
□  7     Add Notes clients.
□  8     Create user groups.
□  9     Create organizational policy.
□  10    Register users.
□  11    Set administration preferences.
□  12    Set up access to servers.
□  13    Set up server logging.
□  14    Synchronize Domino system databases throughout the domain.
□  15    Route mail internally.
□  16    Route mail to the Internet.
□  17    Set mail controls.
□  18    Test mail routing and delivery.
Setting Up Mail Routing to the Internet


Simple Messaging Transfer Protocol (SMTP) is the industry standard Internet
mail protocol. Domino supports native SMTP routing, Internet addressing, and 
native MIME content. Worldwide Corporation has decided to set up all mail 
servers to route mail to the Internet using SMTP. 

This lesson discusses how to configure a Domino SMTP Router and set up 
Router controls to send mail to the Internet using the SMTP routing protocol. 


Objectives 


Upon completion of this lesson, you should be able to: 
■ Enable SMTP routing.

■ Configure basic and advanced settings for SMTP routing.

■ Restrict mail flow to and from the Internet.
Worldwide’s Internet Mail Routing Architecture



Classroom Scenario


Worldwide Corporation is using the following for their Internet Mail 
Routing Architecture: 

■ Simple Messaging Transfer Protocol (SMTP) to route mail to and 
from the Internet since SMTP is an industry standard Internet routing 
protocol native in Domino. 

■ All servers in the classroom will be configured to route mail externally 
using SMTP. Mail servers will route through the Hub server. The Hub 
server will route mail to and from the Internet. 

■ All servers will have SMTP set externally to route to the Hub. 

■ All mail servers will set outbound controls. 

■ The Hub server will set inbound and outbound controls. 


Classroom Internet implementation 


In the classroom implementation, the Hub server is set up to route mail to the 
Internet. Every mail server sets SMTP outbound controls in the Configuration 
Settings document. 
Choosing the SMTP Configuration


There are two main SMTP scenarios and these can be combined. This section 
describes the scenarios and their advantages. 


All servers enabling SMTP 


All servers can enable SMTP but relay mail through specific servers connected to 
the Internet. The advantages of this scenario are: 

■ Uses relay hosts to control SMTP traffic and exposes only the relay hosts to 
the outside world. 

■ Facilitates an infrastructure with other SMTP mail packages running in-house. 

■ Allows all servers to perform conversion to MIME, distributing the work of 
conversion. 

■ Allows use of DNS to configure failover and load balancing with MX records. 


Selected servers enabling SMTP 


Selected servers can enable SMTP and other servers transfer Internet-bound mail 
to these servers using the standard Notes protocol, NRPC. This requires 
configuring Foreign SMTP Domain Documents and SMTP Connection 
documents to specify the route to the Internet or to specific Internet domains. It 
also requires SMTP servers to specify the SMTP Mail Routing task in the Server
Document -> Routing tasks field. Advantages of this scenario include:

■ Accommodates Domino sites that set up Domino SMTP prior to Domino 
Release 5. This was the only option in releases prior to Release 5. 

■ Messages route internally via NRPC to reach the designated SMTP server, 
where conversion would then occur. 

■ Allows directing messages to specific SMTP servers based solely on the 
Foreign SMTP Domain Documents and SMTP Connection documents. 


Combining the scenarios 


SMTP-enabled servers can also use Foreign SMTP Domain Documents and 
SMTP Connection documents to control domain-specific mail routing. For 
example, WWCorp might send many messages to two Internet domains and 
could configure a different relay host for each domain. 
Best Practice for SMTP


In a best practice SMTP implementation, two servers connect to the Internet and 
set SMTP controls — one inbound and one outbound — to limit the number of 
control documents. 


Tip: Limit the number of SMTP control documents 

■ It is best to use one Configuration Settings document that includes a server group 
name instead of a document for each server. 

■ Multiple Configuration Settings documents are more likely to conflict with one another 
and produce undefined results. 


Best practice implementation 


The following diagram shows one of the best practice implementations. 





Sample Internet Mail Routing Topology 

Message transfer over SMTP routing is performed as a point-to-point exchange 
between two servers. The sending SMTP server contacts the receiving SMTP 
server directly and establishes a two-way transmission channel with it. To send a 
message over SMTP: 

■ The sending server checks the recipient's address, which is in the format
localpart@domain, and looks up the domain in the Domain Name Service
(DNS).

■ DNS returns the Mail Exchanger (MX) record for the domain, indicating the IP 
address of the servers in the domain that accept mail over SMTP. 

■ The sending server connects to the destination server over TCP/IP, 
establishes an SMTP connection on port 25, transfers the message, and 
closes the connection. 


Sample scenario 


The following diagram shows how mail would route from the mail servers to the 
Internet. It is good practice to limit the points of entry into the infrastructure for 
security and control. Additional inbound and/or outbound SMTP servers can be 
added to increase performance, if needed. 


[Diagram labels: Relay; Hub/SVR/WWCorp; Mary Costello, West03/SVR/WWCorp]
How to Configure Mail Routing to the Internet

Receiving and sending mail over SMTP are handled by the SMTP listener
task and the SMTP Router, respectively, each of which is enabled separately.

■ The SMTP listener task handles incoming SMTP connections and delivers
messages received over those connections to Mail.box.

■ The Router task for SMTP is the same Router task that handles Notes routing
(NRPC). When a message in Mail.box requires transfer to another server, the
Router determines where to send it and whether to send it over NRPC or
SMTP.



Checklist: Configuring mail routing to the Internet 


Complete these tasks to configure mail routing to the Internet. 



   Task  Procedure

□  1     Enable the SMTP listener task on appropriate servers.
□  2     Configure basic SMTP options.
□  3     Restrict mail flow to and from the Internet.
□  4     Set advanced SMTP options.
□  5     Configure Internet mail addressing.
□  6     Test and troubleshoot Internet mail routing.


Note: Task 6 is covered in Lesson 11: Resolving Common Mail Problems. 
Enabling the SMTP Listener

SMTP can be enabled on any server, during server setup. Once SMTP is enabled, 
Domino does not require or support a separate mail transfer agent (MTA) to send 
mail outside of the Domino Domain. 

If SMTP routing is selected during server setup, Domino uses the default SMTP 
settings in the server Configuration Settings document. Administrators can 
change SMTP settings to tailor SMTP mail routing for their site. 



Enabling the SMTP listener task 


Follow these steps to enable the SMTP listener task, if SMTP is not enabled 
during server setup. 


Step  Action

1     From Domino Administrator, select the server to use SMTP mail routing.

2     Select the Configuration tab -> Server section -> Current Server
      document.

3     Click Edit Server.

4     On the Basics tab, complete the following fields:

      ■ Fully qualified Internet host name: Enter the server's complete combined
        host name and domain name, including the top-level domain.
      ■ The fully qualified host name is usually added to the Server document
        during server setup or by the Administration process (AdminP).
      ■ SMTP listener task: Select Enabled.

5     Click Save & Close.
Configuring Basic SMTP Settings

Configuration Settings documents, located in the Domino Directory, contain 
settings that control how tasks run on each server. 

Basic SMTP settings 


The following table describes some of the basic SMTP settings. 


Field: SMTP used when sending Messages outside of the local Internet Domain
Description:

■ Indicates if the Router can send SMTP messages to other SMTP hosts outside the local Internet domain.

■ Required for any server that uses a relay host, whether the relay host is a Domino server or not.

■ If disabled, the Router will use the NRPC protocol, connection, and domain documents to route the mail to a server that is SMTP outbound enabled.

Field: SMTP allowed within the local internet domain
Description: Indicates whether or not the Router can consider transferring mail to Domino servers in the local Domain via SMTP.

Field: Servers within the local Notes Domain are reachable via SMTP over TCPIP
Description:

■ If enabled, all servers in the local Notes domain with the SMTP listener task enabled can be reached via SMTP.

■ If disabled, only those servers in the same Domino Named Network are reachable via SMTP. The default is Always.

Field: Relay Host for messages leaving the local internet domain
Description: Indicates which relay host to send messages to, such as an ISP or firewall server, for any message sent outside the local Internet domain.

Field: Host Name Lookup
Description:

■ Where the Router should look to resolve an Internet host name.

■ The default is Dynamic then local, which uses DNS first, then the local hosts file.



Configure SMTP in the Configuration Settings document 


Follow these steps to change the SMTP settings. 


Step  Action

1     From Domino Administrator, select your server.

2     Select the Configuration tab -> Messaging section -> Configurations view.

3     Select the Configuration Settings document for your server, and click Edit
      Configuration.

4     Select the Router/SMTP tab.

5     On the Basics tab, complete the SMTP fields as follows:

      ■ SMTP used when sending Messages outside of the local Internet Domain:
        Enabled
      ■ SMTP allowed within the local internet domain: Disabled
      ■ Servers within the local Notes domain are reachable via SMTP over TCPIP:
        Only if in same Notes Named Network
      ■ Relay Host for messages leaving the local internet domain: Enter
        hub.wwcorp.com
      ■ Host Name Lookup:
        ■ If DNS: Dynamic lookup only
        ■ If Hosts file: Local lookup only

6     Click Save & Close.
Restricting Mail from or to the Internet


To specify how mail is sent to and from the Internet, set inbound and outbound 
SMTP controls. 

Tip: Use one server for inbound and one for outbound to avoid bottlenecks, and 
for optimum performance. 


SMTP Inbound Controls 


Inbound Controls specify from which external hosts the Domino mail server 
accepts messages. With Inbound Controls, it is possible to allow or deny: 

■ Receiving messages from specific external Internet domains 

■ Receiving unsolicited commercial messages in general or from sources listed 
in one or more DNS Blacklists (DNSBLs) 

■ Receiving messages directed to specific Notes addresses 

■ Relaying of messages from specific external Internet hosts to external Internet 
domains 


SMTP Outbound Controls 


Outbound Controls specify who can send mail to the Internet from within an 
organization. With the Outbound Controls, it is possible to allow or deny sending 
messages: 

■ To specific Internet addresses to be sent out to the Internet 

■ From specific Notes addresses to the Internet 

Note: SMTP Inbound and Outbound Controls apply only to routing mail externally 
via SMTP. 



Classroom Scenario


Worldwide has determined the following restrictions for inbound and 
outbound mail: 

■ Prevent mail from passing through external domains. 

■ Enable Blacklist filters. 

■ Prevent Sales personnel from sending messages to the Internet. 



Preventing mail from passing through the domain 


Follow these steps to prevent the current domain from relaying messages from 
external domains. 


Step  Action

1     Edit the Configuration Settings document for your server.

2     Select the Router/SMTP tab -> Restrictions and Controls tab -> SMTP
      Inbound Controls tab.

3     In the Deny messages to be sent to the following external internet domains field,
      enter an asterisk (*).

4     Click Save & Close.


Tip: Allow or deny specific IP addresses 

■ Use the restrictions and controls to allow or deny mail to or from specific IP addresses.
To do this, specify a range of IP addresses to allow or deny as appropriate. Enclose the
IP address block in brackets, for example: [198.114.90.*].

■ In the example, all IP addresses that begin with 198.114.90 are excluded from sending
mail through the SMTP server, or are the only addresses allowed to do so.


Tip: Allow or deny specific host names

■ To allow or deny a range of host names, enter the portion of the host name and insert
the asterisk (*) where appropriate. For example, use *.xyz.com to block all hosts
ending with .xyz.com.

■ Entering mail.com would also restrict hotmail.com. To restrict only the host name
mail.com, enter *.mail.com or @mail.com.



Enabling DNS Blacklist filters 


Follow these steps to enable Blacklist filters for SMTP. 


Step  Action

1     Edit the Configuration Settings document.

2     Select the Router/SMTP tab -> Restrictions and Controls tab -> SMTP
      Inbound Controls tab.

3     In the DNS Blacklist Filters section -> DNS Blacklist filters field, select
      Enabled.

      Result: Additional fields appear, allowing further control.

4     Click Save & Close.


Note: Any host that is authorized to relay is exempt from Blacklist checks. For 
example, by default, Domino enforces the inbound relay restrictions only for 
external hosts (Perform Anti-Relay enforcement field for these connecting hosts). 
If the default setting is used, internal hosts are not subject to relay controls, and 
thus are also exempt from Blacklist checks. Administrators must use the exclusion 
list provided in the relay enforcement controls as a whitelist. 
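
The exemption described in the note above can be modeled as follows. This is an added example, not Domino code or part of the course: the zone name, networks, stand-in DNS table and all function names are constructed, and the query format (reversed IPv4 octets prepended to the zone, an answer in 127.0.0.0/8 meaning "listed") is the common DNSBL convention rather than something the course describes. It shows why every entry on the relay exclusion list deserves review: an excluded host is never looked up, even when a DNSBL lists it.

```python
import ipaddress

# Constructed sample configuration (documentation address ranges, hypothetical zone).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]          # assumption: "internal" hosts
RELAY_EXCLUSIONS = [ipaddress.ip_network("203.0.113.10/32")]  # anti-relay exclusion list
DNSBL_ZONES = ["dnsbl.example.net"]

# Constructed stand-in for DNS so the example runs offline: query name -> A record.
FAKE_DNS = {
    "25.100.51.198.dnsbl.example.net": "127.0.0.2",
    "10.113.0.203.dnsbl.example.net": "127.0.0.2",  # listed, but also on the exclusion list
}
LISTED_RANGE = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: reversed IPv4 octets, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def listed_in(ip, resolve=FAKE_DNS.get):
    """Return the first zone that lists the address, or None."""
    for zone in DNSBL_ZONES:
        answer = resolve(dnsbl_query_name(ip, zone))
        if answer and ipaddress.ip_address(answer) in LISTED_RANGE:
            return zone
    return None


def relay_authorized(ip, enforce_for="external"):
    """Model of the note: excluded hosts are always authorized to relay, and
    internal hosts are too while enforcement covers external hosts only.
    The values "external" and "all" are this example's own labels."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in RELAY_EXCLUSIONS):
        return True
    return enforce_for == "external" and any(addr in net for net in INTERNAL_NETS)


def inbound_check(ip, enforce_for="external"):
    """Relay-authorized hosts skip the blacklist lookup entirely."""
    if relay_authorized(ip, enforce_for):
        return ("exempt", None)
    return ("checked", listed_in(ip))


def audit_exemptions(ips, enforce_for="external"):
    """Return exempt hosts that a DNSBL would have listed: the blind spot to review."""
    return [ip for ip in ips
            if relay_authorized(ip, enforce_for) and listed_in(ip)]


if __name__ == "__main__":
    for host in ["198.51.100.25", "203.0.113.10", "10.1.2.3", "192.0.2.7"]:
        print(host, inbound_check(host))
    print("exempt but listed:", audit_exemptions(["198.51.100.25", "203.0.113.10", "10.1.2.3"]))
```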



Prevent Notes users from sending mail over SMTP 


Follow these steps to prevent Sales users from sending messages to the Internet. 


Step  Action

1     Edit the Configuration Settings document for your server.

2     Select the Router/SMTP tab -> Restrictions and Controls tab -> SMTP
      Outbound Controls tab.

3     In the Deny messages from the following Notes addresses to be sent to the
      Internet field, enter Sales.

4     Click Save & Close.
Choosing Advanced Configuration Options


Although it is not required, Domino supports E/SMTP (extended SMTP settings). 

These settings allow finer control over mail. For example: 

■ To reduce connection charges, set the extended Turn (ETRN) extension to 
enable the calling server (for example, an ISP server) to request the called 
server to push mail to the ISP server. This configuration requires that the ISP 
pay for the connection charges. 

■ To restrict messages of a specific size from being delivered, enable the Size
extension field. The send fails immediately, before the message is transmitted,
if the message size is greater than the maximum size allowed on that server.
Set the maximum message size on the Restrictions tab.



Configuring E/SMTP options 


Follow these steps to set controls to reduce connection charges and set message 
size restriction. 


Step  Action

1     Edit your server Configuration Settings document.

2     Select the Router/SMTP tab -> Advanced tab -> Commands and
      Extensions tab.

3     Complete the fields as follows:

      ■ ETRN Command: Select Enabled.
      ■ Size extension: Select Enabled.

4     Click Save & Close.


Tip: ETRN requests the ISP to send messages to the Domino server after the 
server finishes sending messages. If the SMTP server makes dial-up 
connections, maximize the connection by enabling ETRN. Specify either Pull Only 
or Pull Push routing in the Connection document for the ISP server. 
Configuring Internet Addressing

To enable Notes users to send and receive mail to and from Internet users, set 
users’ Internet address during user registration. An administrator can also set or 
change the Internet address of existing users. 



Set the Internet Address field of existing users 


Follow these steps to set the Internet Address field for an existing user. 


Step  Action

1     Select your server to administer.

2     Select the People & Groups tab -> Domino Directories section ->
      WWCorp’s Directory section -> People view.

3     Select your Person document in the view.

4     From the Tools pane, choose People -> Set Internet Address.

5     In the Set Internet Address dialog box, make the following changes:

      ■ Select Use existing address from shortname field, if available.
      ■ Select FI LastName format.
      ■ Select Underscore for Separator.
      ■ Enter the Internet domain: wwcorp.com

6     (Optional) Select More options to define the address further.

7     Click OK.


Caution: If no users are selected in the view, every Person document will change to
reflect the new Internet address format.



Specify how to look up Internet addresses 


The Address Lookup field on the Router/SMTP tab-> Basics tab determines what 
part of the address to consider when looking up the recipient of an inbound SMTP 
message. Follow these steps to specify how to look up Internet addresses. 


Step  Action

1     Edit the Configuration Settings document.

2     Select the Router/SMTP tab -> Basics tab.

3     In the Address Lookup field, select Fullname then Local part.

      Note: This setting allows Domino to look up users, groups, and mail-in
      databases for mail received via SMTP.

4     Click Save & Close.


Note: The Address Lookup field applies to routing SMTP mail within the local 
domain as well as inbound mail from outside the domain. 
Testing SMTP

Worldwide’s implementation of SMTP relays all SMTP outbound mail through the 
hub server. The Router first searches Person documents for the Internet address. 
If no match is found, the Router sends the message to the Internet. 



Send mail to Internet addresses 


Follow these steps to send two messages using SMTP. 


Step  Action

1     From the Notes client:

      ■ Create a mail message addressed to a WWCorp user. For example:
        GBernard@WWCorp.com.
      ■ Create a mail message addressed to a non-existent user. For example:
        xyz@ .jkjkjkjkjk.com.

      Note: Do not send the messages yet.

2     From the Domino Administrator, select the Server tab -> Status tab.

3     In the Navigator pane, select the Server Console view.

4     Click Live.

5     Return to the Notes client and send both messages.

      Result: Messages are sent using SMTP to the Hub server.

      Note: In a real-world scenario, the message would then be relayed to the
      Internet (the server listed as the relay host on the Hub’s Configuration
      Settings document).

6     Return to the Server Console to see how messages were sent.
Deployment Tasks Implemented


In this lesson, we completed the following steps from the Internet Mail Routing 
checklist: 


■ Enable the SMTP listener task on appropriate servers. 

■ Configure basic SMTP options. 

■ Restrict mail flow to or from the Internet. 

■ Set advanced SMTP options. 

■ Configure Internet mail addressing. 



Checklist: Building the Domino environment 


The bolded task from the Implementation Checklist was completed in Lesson 8. 



   Task  Procedure

□  1     Set up the first server.
□  2     Add an administrator’s workstation.
□  3     Set up access to the Domino Directory.
□  4     Add Domino servers.
□  5     Add Organizational Units.
□  6     Register administrators.
□  7     Add Notes clients.
□  8     Create user groups.
□  9     Create organizational policy.
□  10    Register users.
□  11    Set administration preferences.
□  12    Set up access to servers.
□  13    Set up server logging.
□  14    Synchronize Domino system databases throughout the domain.
□  15    Route mail internally.
□  16    Route mail to the Internet.
□  17    Set mail controls.
□  18    Test mail routing and delivery.
Establishing Mail Controls


When setting up a mail infrastructure, it is important to set limitations on how and 
when mail routes to ensure control over the environment. This lesson covers the 
types of controls that can be set and provides practice on setting some specific 
controls. 


Objectives 


Upon completion of this lesson, you should be able to: 

■ Restrict mail flow.

■ Set delivery controls.

■ Set mail transfer controls.

■ Create mail rules.

■ Establish mail quotas.

■ Set up server for mail journaling.

■ Establish an archive policy.
Restricting Mail Flow

The server Configuration Settings documents contain default settings for routing 
mail internally in the domain. Administrators can change the default settings to 
tailor mail routing for their site. 


Restrictions and controls 


The Restrictions and Controls tab contains fields that control mail flow to and 
from other Domino and Internet domains. The following table describes some of 
the Restrictions and Control fields. 


To control this type of mail flow: Allow only the specified domains to send mail to this domain.
Use this field: Allow mail only from domains
Additional notes: Blank field allows all domains except those explicitly listed in the Deny mail from domains field.

To control this type of mail flow: Restrict specific domains from sending mail to this domain.
Use this field: Deny mail from domains
Additional notes: Blank field indicates there are no domains restricted.

To control this type of mail flow: Restrict sending mail to this domain to a specific organization hierarchy.
Use this field: Allow mail only from the following organizations and organizational units
Additional notes: Use wildcards, for example, */Earth, or */US/Earth.

To control this type of mail flow: Deny messages larger than a specific size.
Use this field: Maximum message size
Additional notes: A non-delivery report is sent to the sender if the message is larger than the specified size.

To control this type of mail flow: Route large messages as low priority and therefore defer transferring them until a different time of day.
Use this field: Send all messages as low priority if message size is between
Additional notes: The maximum end of the range is the value in the Maximum message size field.


Note: The Router restrictions fields also apply to mail routed to the Internet. 



Configure Router restrictions 


Large mail messages should be sent during off-peak hours. 


Follow these steps to edit the server Configuration Settings document to set the 
maximum message size restrictions. 


Step  Action

1     Edit the Configuration Settings document.

2     Select the Router/SMTP tab -> Restrictions and Controls tab ->
      Restrictions tab.

3     In the Router restrictions section, complete the fields as follows:

      ■ Maximum message size: 10,000KB
      ■ Send all messages as low priority if message size is between:
        ■ Select Enabled
        ■ Enter 5,000

4     Click Save.

      Result: The Configuration Settings document remains open.

5     To have settings take effect immediately, enter tell Router Update
      Configuration at the server console.

      Note: Otherwise, the updates take place every 5 minutes.


Tip: To manage costs and connection times, send all large messages, such as 
those between 2 to 10 MB, low priority, instead of restricting them entirely. 


Caution:

■ If the size is too low, it may prevent messages from ever being sent.

■ Make sure a Connection document exists that specifies mail routing
during off-peak hours.





Controlling Mail Delivery 


Delivery controls allow customization of message delivery, including how many 
threads are used to deliver messages, whether the messages must be encrypted, 
how long the server waits for a pre-delivery agent to run, and whether the Router 
supports the forwarding action in Notes client mail rules. 


Delivery controls 


The Delivery Controls tab contains fields that control mail delivery. The following 
table describes some of the Delivery Control fields. 


To control this type of mail delivery: Maximum number of server threads Domino can create to deliver mail from Mail.box to local mail files
Use this field: Maximum delivery threads. Enter a maximum between 1 and 25, based on the server load.
Additional notes: The Router automatically sets the default maximum number of delivery threads based on server memory. Letting the Router select the maximum number is recommended.

To control this type of mail delivery: Whether Domino encrypts messages:
■ Regardless of whether the sender or the recipient's mail file encrypts messages (Enabled), or
■ Only if the recipient's mail file is set to encrypt received messages (Disabled)
Use this field: Encrypt all delivered mail
■ Enable
■ Disable (default)
Additional notes: When encryption is enabled and an external user requests a return receipt for a message sent to a user whose mail file is on the server, the return receipt message that Domino generates contains a blank message body.

To control this type of mail delivery: Whether or not the server permits the use of pre-delivery agents
Use this field: Pre-delivery agents
■ Enable (default)
■ Disable
Additional notes: If the Router detects a pre-delivery agent created by a user, it runs the agent against the message before the message appears in the recipient's inbox.

To control this type of mail delivery: Maximum time (in seconds) that a pre-delivery agent, such as a mail filter, can run before the Router interrupts it
Use this field: Pre-delivery agent timeout. Default is 30 seconds.
Additional notes: Failure to restrict agents can slow routing performance on the server.

To control this type of mail delivery: Whether the Router supports the rule action to send copies of selected messages automatically to other recipients
Use this field: User rules mail forwarding
■ Enable
■ Disable
Additional notes: Notes users can create mail file rules that automatically process new mail.



Disable pre-delivery agents 


Restricting agents can improve server performance. 


Follow these steps to edit the Configuration Settings document to disable pre- 
delivery agents. 


Step  Action
1     Edit the Configuration Settings document.
2     Select the Router/SMTP tab -> Restrictions and Controls tab -> Delivery Controls tab.
3     For the Pre-delivery agents field, select Disabled and click OK.
4     Click Save.
5     To have settings take effect immediately:
      Enter Tell Router Update Configuration at the server console.
      Note: Otherwise, the updates take place every five minutes.




Enhancing Transfer Performance 

Transfer control fields determine how and when mail is transferred to other 
servers. 


Mail transfer controls 


The following table describes some of the transfer controls fields. 


| To Manage This Type of Mail Transfer | Set This Field | Default |
|---|---|---|
| When low priority mail should be transferred | Low priority mail routing time range | 12:00 AM - 06:00 AM |
| How often the Router should retry transferring mail | Initial transfer retry interval | 15 minutes |
| How often expired messages should be purged from the server’s Mail.box | Expired message purge interval | 15 minutes |


Note: The transfer control fields also apply to mail routed to the Internet. 



Specify when low priority mail should route 


The Configure Router restrictions guided practice specified that messages 
between 2-10 MB in size should route low priority. Follow these steps to specify 
when low priority mail routes. 


Step  Action
1     Edit the Configuration Settings document.
2     Select the Router/SMTP tab -> Restrictions and Controls tab -> Transfer Controls tab.
3     Set the Low priority mail routing time range to 2:00 AM - 5:00 AM.
      Note: Worldwide Corporation wants a shorter time range than the default
      because of international time zones.
4     Click Save & Close.



Caution: Make sure there is a Connection document that includes the low priority
time range; otherwise, low priority mail will not route.


Configuring Multiple Server Mailboxes 

By default, the Router uses only one Mail.box. The Router supports using multiple
mailboxes on a server. Using multiple mailboxes:

■ Reduces contention 

■ Increases reliability 

■ Increases delivery speed 


Note: On busy mail servers, add one or two mailboxes and increase the number 
until mail routing patterns are optimal. 



Set up multiple mailboxes 


Follow these steps to set up multiple mailboxes on each mail server. 


Step  Action
1     Select the Messaging tab -> Mail tab -> Servername Mailbox (mail.box) view.
2     Select the Configuration tab -> Server section -> Configurations view.
3     Edit the Configuration Settings document for your server.
4     Select the Router/SMTP tab -> Basics tab.
5     In the Number of mailboxes field, enter 2.
6     Click Save.
7     Restart the server for the changes to take effect.
8     Switch back to the Administration window, and select the Messaging
      tab -> Mail tab -> Routing Mailboxes section to view the two new mailboxes.


Note: After the server creates multiple mailboxes, the Router no longer uses the
initial Mail.box. Therefore, after creating multiple mailboxes, ensure that the
Router processes messages by copying messages from the original Mail.box to
one of the new mailboxes.
What Is Mail Journaling?


Mail journaling enables the Domino system to capture a copy of all or specified
messages that the Router processes. The benefits of using journaling include:

■ Compliance with laws or regulations that require an organization to save a 
copy of every message processed by the local mail system and permanently 
store or otherwise process the message copies. 

■ Long-term storage needs if used in conjunction with third-party archiving 
programs. 


Journaling and mail rules 


Mail journaling works in conjunction with mail rules. The journaling rule 
determines which messages to journal. For example, you can journal messages 
sent to or from specific people, groups, or domains. 

Once configured, journaling is done automatically by the server. A copy of the 
message is retained, even if the recipient, or an agent acting on the recipient's 
mail file, deletes it immediately upon delivery. 

Tip: On servers running the ISpy task, the Mail Journaling database captures 
each trace message that the ISpy task sends. To prevent the Mail Journaling 
database from accumulating these entries, configure a rule exception for 
messages where the sender includes ISpy. 


How mail journaling works 


Journaling does not disrupt the normal routing of a message. When mail 
journaling is enabled, Domino: 

■ Examines messages as they pass through Mail.box.

■ Sets a journal flag on the message before transferring it to the next server on
the route so it is only journaled once.

■ Saves copies of selected messages to a Domino Mail Journaling database
(Mailjrn.nsf).

    ■ After the Router copies a message to the Mail Journaling database, it
    sends the message to the intended recipient.

    ■ Before depositing messages in the Mail Journaling database, the Router
    encrypts them to ensure that only authorized persons can examine them.

■ Delivers the message from the destination server after removing the journal
flag so the user is not aware that the message was journaled.

Note: When using a mail-in database, the mail-in database is just added as a 
recipient to the original message. Messages are not re-encrypted. 


Server configuration affects journaling 


Journaling is also affected by the server configuration. There is a possibility of a 
message being journaled more than once from a user’s perspective due to server 
configuration or message modifications. 

For example, if Servers B and C have journaling enabled, but Server A does not, 
and a user on Server A sends a message to one user on Server B and another 
user on Server C, the message will be journaled on both Servers B and C. If 
journaling is enabled on Server A, then only Server A would journal the message. 
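
The duplicate-journaling case above, and the opposite case of a message that no journaling server ever sees, can be predicted from the server configuration. The following Python model is an added example, not Domino code and not part of the original course; it assumes a message travels as one copy along a shared route prefix and that the first journaling-enabled server on a route journals it and sets the flag. Server H and the route lists are constructed for illustration.

```python
from collections import Counter


def audit_journaling(routes, journaling_enabled):
    """Predict where one message is journaled.

    routes: {destination server: [hops from the sender's server to it]}
    journaling_enabled: set of server names with journaling turned on
    Returns {"copies": {server: count}, "unjournaled": [destinations]}.
    """
    events = set()      # route prefixes that end at the journaling server
    unjournaled = []
    for dest, path in routes.items():
        for i, server in enumerate(path):
            if server in journaling_enabled:
                # The first journaling server on the route saves a copy and
                # sets the journal flag, so later hops skip the message.
                events.add(tuple(path[: i + 1]))
                break
        else:
            # No hop on this route journals: a gap in the journal record.
            unjournaled.append(dest)
    copies = Counter(prefix[-1] for prefix in events)
    return {"copies": dict(copies), "unjournaled": sorted(unjournaled)}


# Constructed scenarios. The first two are the Server A/B/C case from the text.
PAGE_ROUTES = {"B": ["A", "B"], "C": ["A", "C"]}
LOCAL_AND_REMOTE = {"A": ["A"], "B": ["A", "B"]}          # one recipient stays on A
VIA_HUB = {"B": ["A", "H", "B"], "C": ["A", "H", "C"]}    # H is a hypothetical hub


if __name__ == "__main__":
    print(audit_journaling(PAGE_ROUTES, {"B", "C"}))        # journaled twice
    print(audit_journaling(PAGE_ROUTES, {"A", "B", "C"}))   # journaled once, on A
    print(audit_journaling(LOCAL_AND_REMOTE, {"B"}))        # local copy never journaled
    print(audit_journaling(VIA_HUB, {"H", "B", "C"}))       # journaled once, on H
```

Anyone reconciling several Mail Journaling databases should expect the same message to appear once per entry in `copies`, and should treat any entry in `unjournaled` as a coverage gap.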
Enabling Mail Journaling

By default, mail journaling is not enabled. Domino automatically creates the Mail 
Journaling database in the specified location when mail journaling is enabled. 



Enabling mail journaling 


Follow these steps to set up the Mail Journaling database by specifying where to 
store journaled messages and setting options for managing the security and size 
of the database. 


Step  Action
1     Select the Configuration tab -> Messaging view -> Configurations view.
2     Select the server and click Edit Configuration.
3     Select the Router/SMTP tab -> Advanced tab -> Journaling tab.
4     In the Basics section, complete the following fields:
      ■ Journaling: Enabled, Disabled (default).
      ■ Field encryption exclusion list: Fields that are not encrypted and will
        display in the view. Default encrypted fields are Form, From, Principal, and
        PostedDate.
      Method:
          ■ Copy to local database (default): If the Configuration Settings document
            applies to multiple servers, Domino creates a unique Mail journaling
            database on each server.
          ■ Send to mail-in database: The database must already exist. Messages are
            not encrypted. When using a mail-in database, encrypt messages when
            adding them to the database.
      ■ Database name: Default (Mailjrn.nsf, applies to local copy only).
      ■ Mail destination: Name of the mail-in database.
      ■ Encrypt on behalf of user: Fully-qualified Notes Name of the user whose
        certified public key Domino uses to encrypt messages added to the
        database.
5     In the Database Management section, complete the following fields:
      Method:
          ■ Periodic Rollover: Create new database at 12 AM every x days (specify
            the days in the periodicity field).
          ■ None: No method of data retention used.
          ■ Purge/Compact: Delete documents after specified number of days and
            compact database (specify days in the data retention field).
          ■ Size Rollover: Create new database when maximum size is reached
            (specify size in the maximum size field).
6     Click Save.
7     To have settings take effect immediately:
      Enter Tell Router Update Configuration at the server console.
      Note: Otherwise, the updates take place every five minutes.
What Are Mail Rules?


Mail Rules define actions to be taken on certain messages. When a new message 
that meets the condition specified in the rule is deposited in Mail.box, Domino 
automatically performs the designated action. 


Mail rule actions 


Mail rules define the following actions: 

■ Journal a message. 

■ Move a message to a database for storage or quarantine. 

■ Refuse to accept or deliver a message. 

■ Change the routing state of a message. 

■ Administrator review of messages redirected to quarantine database. 


When actions are performed 


The server searches each message for conditions specified in the server mail 
rules and performs an action on the message. Some types of actions occur 
immediately. Other types of actions are performed by the Router later, so the 
server tags these messages before depositing them in Mail.box. 

Server Actions 

■ Don’t accept message. 

■ Change routing state. 

Router Actions 

■ Journal this message. 

■ Move to database. 

■ Do not deliver message. 

How mail rules work 


The following table describes how rules are processed. 


| When | Then |
|---|---|
| Domino server starts | Each server retrieves rules from the appropriate Configuration Settings document and registers them as monitors on each Mail.box database in use. |
| Mail.box receives a new message from any source — the SMTP process, the Router on another server, or a client depositing a message | The server evaluates the message fields against the registered mail rules. Notes: ■ Each message is evaluated only once. ■ Additional updates occurring after a message is added to Mail.box — such as updates to reflect the number of recipients handled — do not cause reevaluation of the rules. |
| A new rule is added | The rule takes effect after the server reloads the mail rules. A reload is automatically triggered if the Server task detects a rule change when performing its routine check of the Configuration Settings document. This check occurs approximately every five minutes. Note: ■ You can force the server to reload rules, using the set rules command at the server console. |
| Mail.box receives an encrypted message (Notes encrypted, S/MIME, PGP, and so forth) | The server mail rules process any rule conditions that are based on unencrypted information in the message envelope, such as the sender, importance, and recipients, but do not process conditions based on the encrypted portion of the message body. |
| A rule prevents a message from reaching its destination | For example, if an inbound SMTP message is refused, the sending server would typically generate a delivery failure report to the sending user. Similarly, a Notes user receives an error if a mail rule prevents the Domino server from accepting a message. |
Creating a Mail Rule

Worldwide needs mail rules to reject messages with subjects containing certain 
words, unless such messages are from specific senders. 



Create a mail rule 


Follow these steps to create a mail rule that prevents sending messages with a 
specific subject except when the message is from a specific sender. 


Step  Action
1     Select the Configuration tab -> Messaging view -> Configurations view.
2     Select the Configuration Settings document and click Edit Configuration.
3     Click the Router/SMTP tab -> Restrictions and Controls tab -> Rules
      tab -> New Rule.
4     For Specify Conditions, perform the following:
      ■ Select Subject.
      ■ Select Contains.
      ■ Enter a subject.
      ■ Click Add.
5     For Specify Conditions, perform the following:
      ■ Select Exception.
      ■ Select Sender.
      ■ Select Is.
      ■ Enter a sender.
      ■ Click Add.
6     For Specify Actions, perform the following:
      ■ Select don’t accept message.
      ■ Click Add Action.
7     Click OK to save the rule.
8     Click Save.
      Note: The Configuration Settings document must be saved to make the rule
      available for activation.
Activating a Rule

The Router task reloads the list of rules every five minutes. To activate a new rule 
immediately, issue the set rules command at the server console. 



Activate the rule 


Follow these steps to make the rule action take effect immediately. 


Step  Action
1     Select the Server tab -> Status tab.
2     In the Navigator pane, select the Server Console view.
3     Click Live.
4     In the Domino Command field of the console, enter the command
      set rules and click Send.


Prioritizing mail rules 


After enabling mail rules, set their relative priority by moving them up and down 
the list. For example, keeping rules that affect security at the top of the list ensures 
greater protection. 

Since, in most cases, only one action is taken per message, prioritization can be 
used to customize rules. Prioritizing allows one rule to take precedence over 
another. 

For example, one rule may reject all messages with the subject “Buy,” to avoid 
spam messages in general. But another rule can accept all messages from a 
specific domain, such as a specific customer, even if they include the word “Buy.” 
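
The rule behaviour covered in this lesson (conditions, exceptions, list order, and envelope-only matching on encrypted mail) can be dry-run against sample messages before a rule list is activated. The following Python model is an added example, not Domino code and not part of the original course. It assumes that the first matching rule decides the action, that conditions within a rule are ANDed, and that only the body is hidden on an encrypted message; the rule names, action labels, addresses and messages are constructed.

```python
from dataclasses import dataclass, field

# Assumption for this model: only the body is unreadable on an encrypted
# message; sender, subject and recipients remain visible to the rules.
ENCRYPTED_FIELDS = {"body"}


@dataclass(frozen=True)
class Condition:
    field_name: str   # message field to test: "sender", "subject", "body"
    operator: str     # "contains" or "is"
    value: str

    def matches(self, msg):
        if msg.get("encrypted") and self.field_name in ENCRYPTED_FIELDS:
            return False  # ciphertext cannot be inspected, so no match
        actual = str(msg.get(self.field_name, "")).lower()
        wanted = self.value.lower()
        if self.operator == "contains":
            return wanted in actual
        if self.operator == "is":
            return actual == wanted
        raise ValueError("unsupported operator: " + self.operator)


@dataclass
class Rule:
    name: str
    action: str                  # model label, e.g. "dont_accept", "journal"
    conditions: list
    exceptions: list = field(default_factory=list)

    def applies(self, msg):
        hit = all(c.matches(msg) for c in self.conditions)
        return hit and not any(e.matches(msg) for e in self.exceptions)


def evaluate(rules, msg):
    """Return (rule name, action) of the first rule that applies, in list order."""
    for rule in rules:
        if rule.applies(msg):
            return rule.name, rule.action
    return None, "deliver"


def blind_to_encrypted(rules):
    """Names of rules that can never fire on encrypted mail in this model."""
    return [r.name for r in rules
            if any(c.field_name in ENCRYPTED_FIELDS for c in r.conditions)]


# Constructed rule list mirroring the procedure above: reject a subject
# unless the message comes from one specific sender.
REJECT_BUY = Rule("reject-buy", "dont_accept",
                  [Condition("subject", "contains", "Buy")],
                  [Condition("sender", "is", "buyer@customer.example")])
QUARANTINE = Rule("quarantine-keyword", "move_to_database",
                  [Condition("body", "contains", "project falcon")])
JOURNAL_CUSTOMER = Rule("journal-customer", "journal",
                        [Condition("sender", "contains", "@customer.example")])
RULES = [REJECT_BUY, QUARANTINE, JOURNAL_CUSTOMER]

# Same subject rule without the exception, used to show the effect of order.
BROAD_REJECT = Rule("reject-buy-no-exception", "dont_accept",
                    [Condition("subject", "contains", "Buy")])

# Constructed messages.
SPAM = {"sender": "promo@bulk.example", "subject": "Buy now", "body": "offer"}
CUSTOMER = {"sender": "buyer@customer.example", "subject": "Buy order 17",
            "body": "please confirm"}
LEAK = {"sender": "staff@worldwide.example", "subject": "notes",
        "body": "Project Falcon pricing"}
LEAK_ENCRYPTED = dict(LEAK, encrypted=True)

if __name__ == "__main__":
    for label, msg in [("spam", SPAM), ("customer", CUSTOMER),
                       ("leak", LEAK), ("leak, encrypted", LEAK_ENCRYPTED)]:
        print(label, "->", evaluate(RULES, msg))
    print("blind to encrypted mail:", blind_to_encrypted(RULES))
```

In this model the encrypted copy of the body-keyword message is delivered with no rule firing, which is why a body-based quarantine rule needs an envelope-based rule or another control behind it.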




What Are Quotas? 


Quotas are size limits that are set on users’ mail files. There are two types of 
quotas: 

■ Absolute quota size 

■ Warning threshold 

Quotas restrict mail-file size by allowing interruption of mail flow. Warning 
thresholds provide users with advance notice when their mail files approach the 
designated mail file quota, so they can reduce the size of their mail files before 
message flow is interrupted. Quotas must be set before warning thresholds are 
specified. 

Quotas and warning thresholds are associated with a particular mail file database 
only, not with a user ID. 


Setting quotas and thresholds 


Set quota limits and warning thresholds: 

■ During registration - Quotas specified during registration apply only to new 
users, not to existing users. 

■ Per database - Administrators can manually specify the warning threshold 
and quota of one or more mail files. 


Quota restrictions 


Quota restrictions allow:

■ Several types of restriction settings, including non-delivery of mail (hold
messages in Mail.box or return to sender).

■ Administrators to define actions to take on mail files whose quotas are
reached or exceeded.

■ Reduction in the server's disk space use and an increase in performance of the
mail client.
Establishing Mail Quotas

Worldwide has asked administrators to restrict the size of their own mail files. 



Set mail quota 


Follow these steps to create a quota of 10 MB and a threshold of 9 MB on a user’s 
mail file. 


Step  Action
1     From the Files tab, select your user’s mail database.
2     Select the Tools pane -> Database -> Quotas.
      Result: The Set Quotas dialog box appears.
3     Click Set database quota to and enter 10.
4     Click Set warning threshold to and enter 9.
5     Click OK.
Setting Mail Quota Restrictions

Worldwide now needs to define what happens when mail files with quotas 
approach and reach the quota. 



Setting a quota restriction 


Follow these steps to specify handling of quota restrictions on mail files. 


Step  Action
1     Select the Configuration tab -> Messaging view -> Configurations view.
2     Select the Configuration Settings document for the mail server and click Edit
      Configuration.
3     Select the Router/SMTP tab -> Restrictions and Controls tab -> Delivery
      Controls tab.
4     For Over warning threshold notifications, select one of the following:
      ■ None
      ■ Per time interval to send one message during the time interval specified
          ■ Select warning interval and select Hour(s), Minute(s), or Day(s).
            Enter number.
      ■ Per message to send a message to the user when the threshold is
        reached
5     For Over quota notification, select one of the following:
      ■ None
      ■ Per message to send a message to the user when the quota is exceeded
      ■ Per time interval to send one message during the time interval specified
          ■ Select warning interval and select Hour(s), Minute(s), or Day(s).
            Enter number.
6     For Over quota enforcement select one of the following:
      ■ Deliver anyway (don’t obey quotas) - Router delivers new mail even if
        quota is exceeded.
      ■ Non deliver to originator - Router does not deliver mail and sends
        notification to intended recipient (and sender, since Over quota notification
        field was set to Per Message).
      ■ Hold mail and retry - mail is held in Mail.box and Router resends until
        mail file is below quota.
7     Click Save.
8     To have settings take effect immediately:
      Enter Tell Router Update Configuration at the server console.
      Note: Otherwise, the updates take place every five minutes.
Setting Mail Controls Exercise


Worldwide Corporation has set the following standards for their mail 
infrastructure: 

■ All mail files must not exceed 15 MB. 

■ Users must be notified when their mail files are about to exceed 
14 MB. 

■ Messages will not be delivered when mail files are larger than 14 MB. 

■ All messages containing an attachment with the extension .abc are 
refused. 

■ All messages from Doctor Notes must be saved in a local database 
that is backed up and recreated once per day. 


controls to establish standards 


Complete the following tasks: 

■ Create mail quota and threshold to ensure mail databases do not exceed 
15 MB. 

■ Create a quota restriction to deny delivery of messages when quota is 
exceeded. 

■ Create a mail rule to deny messages containing attachments with the 
extension .abc. 

■ Enable mail journaling. 

■ Create a mail rule to journal all messages from Doctor Notes. (Hint: Mail 
journaling must be enabled.) 




■ Create a message with the Help database (/data/help/Help6_client.nsf)
attached and send it to your partner to test the mail quota.

    ■ Did your partner receive the message?

    ■ Did you receive a warning?

■ Create a message with the Test.abc file attached to it and send it to your
partner to test the mail rule.

    ■ Did your partner receive the message?

■ Locate the message from Doctor Notes in the mail journaling database.
Archiving Mail Using Policies


The Archive Policy Settings document allows standardization of document 
archiving. Archive settings are centrally managed and enforced by the 
administrator. Use the Settings document to specify: 

■ Whether to allow archiving 

■ Archive location 

■ Archive selection criteria 

■ Archive log information 

Server-to-server archiving can archive all mail files to a central server.


Archiving solutions 


Archiving policies can solve the following problems. 


| Problem | Solution |
|---|---|
| ■ Space is tight on the mail server. ■ Need a centralized archive server. | Server-based archiving is enabled from a mail server to a designated archive server. |
| Archiving cannot occur during peak work hours. | Archiving is scheduled to occur during off hours. |
| End users must not be allowed to control their archive settings. | Users are prohibited from changing or creating archive settings. |
| Lotus Notes 6 clients will not be rolled out immediately. | The designated archive server is a Domino 6 server, so that policies can be enforced in a mixed environment. |
Step  Action
1     Open the mail file.
2     Choose Actions -> Archive -> Settings.
      Result: The Archive Settings dialog box appears.
3     Click Settings and click Enable Archiving.
4     Click Advanced and click Scheduled archiving will occur locally.
5     Click OK.


Setting up archiving 


To enable mail file archiving, use the following documents: 

■ The Policy document 

■ The Archive Settings document 

■ The Archive Criteria Settings document 

The following describes the Archive Settings and Archive Criteria Settings 
documents: 

■ An Archive Settings document specifies whether or not to allow archiving,
whether or not to allow Notes users to set their own private archiving criteria,
where archiving occurs, and the destination location for the Archive Log
database.

■ The Archive Criteria Settings document establishes the criteria for document
selection and mail file cleanup. Each Archive Settings document requires:

    ■ At least one Archive Criteria Settings document if enabling archiving.

    ■ No Archive Criteria Settings document if prohibiting archiving.
Creating an Archive Policy


Classroom Scenario: Worldwide Corporation wants to allow specific user groups to
archive their own mail to save space. However, they have ordered a server to
use specifically for archiving and it has not arrived yet. The
administrators have been asked to prohibit archiving for all users until
the new server is up and running.




Add policy settings to prohibit archiving 


Follow these steps to add policy settings that prohibit archiving. Add the settings 
to the existing explicit Policy document you created in Lesson 4: Adding Notes 
Clients. 


Step  Action
1     Use the following steps to open the explicit policy:
      a. Click Configuration tab -> Policies view -> by Hierarchy.
      b. Select the explicit policy you created.
      c. On the Tools pane, choose Policy -> Edit.
2     Locate the Archiving section and click New.
      Result: The Archiving Settings document is created.
3     On the Basics tab, perform the following:
      ■ For Name, enter Archiving Prohibition for Admin number (where Admin
        number is your Admin user number, for example West01).
      ■ In the Archiving Options section, select Prohibit archiving.
      Result: Remaining sections and some tabs disappear.
4     Click Save & Close to save the Archive Settings document.
      Result: Returns to the Policy document.
5     Press CTRL+s to save the Policy, then click the drop-down arrow next to
      Archiving and select the name of the new Archive Settings document.
6     Click Save & Close.
Testing Archive Policy Exercise

The simplest way to test an explicit policy is to assign the policy to yourself. 



Assign and test the archive policy 


Complete the following tasks: 


■ Assign the explicit policy to yourself. 

■ Open your mail file and try to archive your mail. 
Deployment Tasks Implemented


In this lesson, we have completed the following steps in the Intranet mail routing 
checklist: 

■ Set mail flow restrictions 

■ Set mail transfer controls. 

■ Set mail rules. 

■ Configure additional server mailboxes. 



Checklist: Building the Domino environment 


The bolded task from the Implementation Checklist was completed in Lesson 9. 



    Task  Procedure
□   1     Set up the first server.
□   2     Add an administrator’s workstation.
□   3     Set up access to the Domino Directory.
□   4     Add Domino servers.
□   5     Add Organizational Units.
□   6     Register administrators.
□   7     Add Notes clients.
□   8     Create user groups.
□   9     Create organizational policy.
□   10    Register users.
□   11    Set administration preferences.
□   12    Set up access to servers.
□   13    Set up server logging.
□   14    Synchronize Domino system databases throughout the domain.
□   15    Route mail internally.
□   16    Route mail to the Internet.
□   17    Set mail controls.
□   18    Test mail routing and delivery.
Lesson 10 ■ Monitoring Mail



Monitoring Mail 


Once the mail infrastructure is in place, it is important to monitor mail to make sure 
it is routing correctly. This lesson introduces monitoring tools and methods to 
ensure that messages are delivered. 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Monitor mail delivery.

✓ Monitor mail statistics.

✓ Track mail messages.
Testing Mail Routing

After implementing mail routing, test the connections to ensure messages route 
properly. 


Checklist: Troubleshooting mail 


If problems occur during routing, check the details in the following table. 



    Task  Procedure
□   1     The network connections are set up correctly.
□   2     The servers and Router are up and running.
□   3     The DNNs are set up properly.
□   4     The appropriate Connection documents exist and contain the
          following:
          ■ The server name is correct.
          ■ The schedule is enabled.
          ■ The Router type is correct.
□   5     The connection requirements for sending mail, such as calling times
          or message thresholds, have been met.
□   6     Replication between servers is successful, ensuring Connection
          document information is up-to-date on all relevant servers.
□   7     Router restrictions do not prohibit message delivery.
□   8     SMTP settings are correct.
□   9     Inbound and outbound controls are properly set.
□   10    Quotas are not exceeded.
□   11    Mail rules do not prohibit message delivery.
□   12    The mail address is correct.
□   13    The person information is correct.



Common mail routing and delivery problems 


Mail routing problems most often occur for one of the following reasons: 

■ A mail server is down. 

■ The Router is not running. 

■ Mail routing connections are improperly or poorly configured. 



Checklist: Monitoring mail 


Complete these tasks to ensure that mail is routing properly. 



    Task  Procedure
□   1     Check for dead and undelivered mail.
□   2     Check mail monitoring tools.
□   3     Set up mail statistic monitors.
□   4     Enable message tracking.
Often, misdelivered mail falls into one of the categories described in the following
table.


| Category | Definition |
|---|---|
| Dead mail | Mail that is not delivered to the recipient and cannot be returned to the sender for non-delivery. For example, if the sender mails a message to the wrong address, and the sender’s mail file is deleted or moved, Domino can neither deliver the mail nor return the mail to the sender. |
| Undelivered mail | Mail that is not delivered because either: ■ The Router on the server is not running. ■ The recipient’s mail server is down. |



Checking mail delivery 


The Domino Administrator Messaging tab contains monitors and tools for verifying 
mail routing and server connections, and monitoring mail delivery status. 

Follow these steps to monitor and troubleshoot mail routing problems. 


Step  Action
1     From Domino Administrator, select the mail server.
2     Select the Messaging tab -> Mail tab.
3     Select each of the following views:
      ■ Servername Mailbox view
      ■ Mail Routing Status view
      ■ Mail Routing Events view
4     Double-click a document in the Mail Routing Events view to display the
      details of mail routing events.
5     Select the Messaging tab -> Mail tab -> Mail Routing Topology tab.
6     Select each of the following views:
      ■ By Connections view.
      ■ By Named Networks view.
Monitoring Mail Statistics

Mail statistics provide additional information on mail flow and current mail 
configuration performance. Enable and monitor statistics using the Server 
Monitor. 



Enable mail statistics 


Follow these steps to enable and monitor additional mail routing statistics. 


Step  Action
1     From Domino Administrator, select your server.
2     Select the Server tab -> Monitoring tab.
3     Click Start.
4     From the menu, choose Monitoring -> Monitor New Statistic...
      Result: The Add statistics to this profile dialog box appears.
5     Expand the view.
      Result: Mail statistics appear.
6     Select the following statistics:
      ■ Dead
      ■ Waiting
      ■ TransferFailures
7     Click OK.
      Result: Mail statistics appear in monitor.
8     Click Profiles and select Save As...
9     Enter Mail Monitoring.
10    Click OK.
Enabling Message Tracking

Domino provides the ability to track a sent mail message across servers. With 
message tracking enabled, Domino stores information about each mail message 
in a database (Mtcstore.nsf). The Message Tracking facility can: 

■ Track messages across domains. 

■ Be used by administrators and users from a Notes client or Web browser. 

■ Provide reports of where a particular mail message was sent. 

Note: Only those messages sent after enabling message tracking can be tracked. 
Both administrators and users can request tracking reports. 



Enable message tracking 


Follow these steps to enable message tracking. 


Step  Action
1     From Domino Administrator, select your server.
2     Select the Configuration tab -> Messaging view -> Configurations view.
3     Edit the Configuration Settings document.
4     Select the Router/SMTP tab -> Message Tracking tab, then:
      a. In the Message Tracking field, select Enabled.
      b. In the Message Tracking collection interval field, accept or change the
         default.
      c. In the Log message subjects field, choose Yes, and click OK.
      d. In the Allowed to track messages and Allowed to track subjects fields, select
         the LocalDomainAdmins and LocalDomainServers groups.
5     Click Save to save the Configuration Settings document.
6     Select the Server tab -> Status tab -> Server Console view, and click Live.
7     Watch the server console for messages related to message tracking.
      This may take a few minutes. Or, enter Tell router update config.


Note: For more information about using message tracking across domains or 
tracking reports, see the Domino Administrator 6 Help database. 
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Resolving Common Mail 
Problems 


Problems with mail routing and delivery may be caused one or more factors. 
Monitoring helps to isolate the cause of the problem. Once the cause is 
determined, follow the checklist tasks to resolve the problem. 

Some of the tasks, such as checking Connection documents, DNNs, and 
Replication schedules, involve viewing documents, which was covered in 
previous lessons. 

This lesson covers how to: 

■ Test mail connections. 

■ Check statistics. 

■ Start and stop the Router. 

■ Force mail to route. 

■ Resolve undelivered mail. 


Objectives 


Upon completion of this lesson, you should be able to: 

✓ Identify troubleshooting tasks. 

✓ Test mail connections. 

✓ Resolve common mail delivery problems. 
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Testing Mail Connections 


Domino Administrator includes a Mail trace tool that administrators can use to 
verify mail delivery and troubleshoot delivery problems. This tool does not actually 
deliver mail to the user’s mail file; the tool simply “pings” the user’s mail file and 
traces the path the message travelled to reach the user’s mail file. This is also 
helpful for testing network connections. 



Send a Mail trace 


Follow these steps to send a message to a user to test mail delivery. 


Step 

Action 

1 

From Domino Administrator, select your server. 

2 

Select the Messaging tab->Mail tab. 

3 

From the Tools pane, select Messaging->Send Mail Trace. 

4 

In the To field, enter or select the mail user. 

5 

In the Subject field, enter Mail trace message for username. 

6 

Choose a Delivery report option: 

■ Each Server on the Path - returns a trace report indicating each Router 
hop. 

■ Last Server Only - returns a Delivery Confirmation report from the 
destination server only. 

7 

Click Send. 

8 

Click Done. 

9 

View the trace report in your mail file by: 

■ Opening your mail file 

■ Double-clicking the message with the subject entered in Step 5 
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Restarting the Router 


Check to see if the Router is running by looking at the Router task in the Server 
Monitor. If the Router is not running, start the Router. 



View the Server Monitor 


Follow these steps to determine whether mail is being delivered, identify potential 
problems, and see if the Router is running. 


Step 

Action 

1 

From the Domino Administrator, select your server. 

2 

Select the Server tab->Monitoring tab. 

3 

Click Profile and select the Mail Monitoring profile. 

4 

Click Start. 

5 

Check mail statistics and Router task. 


Stopping and starting the Router 


Follow these steps to stop and restart the Router, if the Server Monitor indicates 
that the Router is not responding. 


Step 

Action 

1 

From Domino Administrator, select the mail server to administer. 

2 

Select the Messaging tab->Mail tab. 

3 

From the Tools pane, choose Messaging -> Stop Router. 

4 

From the Tools pane, choose Messaging->Start Router. 


Note: Stopping and restarting the Router also routes pending mail. 
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Forcing Mail to Route 

To see if problems are fixed, force mail to route. 



Forcing mail routing 


Follow these steps to force mail routing, either to test connections or to send all 
pending messages (including low priority messages) immediately. 


Step 

Action 

1 

From Domino Administrator, select the server. 

2 

Select the Messaging tab->Mail tab. 

3 

From the Tools pane, choose Messaging->Route Mail. 

4 

Enter the destination server’s fully distinguished hierarchical name. 

Note: Use quotation marks (“”) if the server name contains spaces. For 
example, use quotes around the server name: 

“USMailOI/SVR/Earth Corporation” 

5 

Click Route to route mail. 

6 

Click Done. 
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Managing Dead and Undelivered Mail 

Dead and undelivered mail is flagged in the server’s Mail.box. Dead mail indicates 
a problem with the user information. Undelivered mail indicates a problem with 
mail routing. 



Resolve undelivered and dead mail 


Follow these steps to identify and fix dead or undelivered mail. 


Step 

Action 

1 

From Domino Administrator, select your server to administer. 

2 

Select the Messaging tab->Mail tab-> YourServername Mailbox view. 

3 

To fix dead mail (flagged with a red icon) or undelivered mail, click Release 
and choose one of the following options: 


■ Resend all dead messages to originally intended recipient 

■ Resend selected dead messages to originally intended recipient 

■ Return Non Delivery Report to sender of selected dead messages 

■ Resend selected held messages 

■ Resend selected held messages for a final time 

Note: Releasing c[...] deletes the message. 
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Troubleshooting Intranet Mail Routing 
Exercise 


In this exercise, you will locate two problems within Worldwide’s mail routing 
environment. 



Send mail to a user in another Domino Named Network 


Test mail routing within Worldwide Corporation as follows: 

1. Send a message to a student in another DNN. 

Did the mail message reach the user’s mail file? 

2. If the message did not reach the user’s mail file, determine the causes of the 
problem. Consider the following: 

■ Router 

■ Mail file quotas 

■ Replication of Connection documents in the Domino Directory throughout 
the domain 

■ DNN configuration 

■ Mail routing Connection documents 

Problem 1 : 

Problem 2: 


3. Fix the problems found, then send another message. 
Did the mail message reach the user’s mail file? 

If not, why not? 
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Troubleshooting Internet Mail Routing 
Exercise 

In this exercise, you will locate a problem that prevents you or your DNN from 
routing Internet mail to the relay host. 



Send mail to an Internet address 


Test mail routing to the Internet as follows: 


1. Use the Notes client to create and send a mail message to an Internet user. 
Did the mail message route to Hub/SVR/WWCorp correctly? 

2. If the mail message did not route, try to determine the cause of the problem. 
Consider whether or not any of the following might be the cause: 

■ Network connections 

■ SMTP settings 

■ Inbound (Hub) and outbound (Mail servers) controls 

3. After fixing the problem, resend the mail message. 

Did the mail message route to Hub/SVR/WWCorp correctly? 
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Troubleshooting Undelivered Mail 
Exercise 


In this exercise, you may find a different type of problem than in the previous 
exercises. 



Determine the cause of undelivered mail 


1. Use the Notes client to create and send a mail message to a user in another 
DNN. 


Did the mail message route to the user correctly? 

2. Find at least two ways to see if the mail was undelivered or dead. 

3. If the mail message did not route, try to determine the cause of the problem. 
Consider whether or not any of the following might be the cause: 

■ DNN configuration 

■ Person documents 

■ Location documents 


Did the mail message route to the user correctly? 

4. If the mail did not route, try to determine the cause of the problem. Consider 
whether or not any of the following might be the cause: 

■ Replication of Connection documents in the Domino Directory throughout 
the Domain 

■ DNN configuration 

■ Mail routing Connection documents 

5. After fixing the problem, release the undelivered/dead mail message. 

Did the mail message route to Hub/SVR/WWCorp correctly? 
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Deployment Tasks Implemented 


In this module, we completed the following steps in the Intranet Mail Routing 
Checklist: 

■ Test and troubleshoot intranet mail routing. 

■ Enable message tracking. 

■ Test mail delivery to a user’s mail file. 



Checklist: Building the Domino environment 


The bolded task from the Implementation Checklist was completed in Lessons 10 
and 11. 



Task  Procedure 

1     Set up the first server. 
2     Add an administrator’s workstation. 
3     Set up access to the Domino Directory. 
4     Add Domino servers. 
5     Add Organizational Units. 
6     Register administrators. 
7     Add Notes clients. 
8     Create user groups. 
9     Create organizational policy. 
10    Register users. 
11    Set administration preferences. 
12    Set up access to servers. 
13    Set up server logging. 
14    Synchronize Domino system databases throughout the domain. 
15    Route mail internally. 
16    Route mail to the Internet. 
17    Set mail controls. 
18    Test mail routing and delivery. 
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Appendix 


■ Exercise Solutions 

Lesson 4: Adding Notes Clients 

Navigating Domino Administrator 
Exercise 

Verify the components created so far 


Perform the following tasks to complete this exercise: 

■ Locate your Server document and the Administrators field. 

■ Locate the Certifier documents. 

■ Locate your Person document and mail file name. 

■ Locate the Group document. 

■ Locate your server’s Mail.box. 

■ Locate your mail file. 


Locate your Server document and the Administrators field 


Follow these steps to locate your Server document and the Administrators field on 
the Security tab in your Server document. 


Step 

Action 

1 

From Domino Administrator, select the Configuration tab->Server 
section->All Server Documents view. 

2 

Double-click your Server document to open it. 

3 

Click the Security tab and note the Administrators field. 

Result: Your instructor added LocalDomainServers as well as the original 
entry, which was LocalDomainAdmins. 

4 

Click the X on the task window to close the Server document. 
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Lesson 4: Adding Notes Clients ...(continued) 

Navigating Domino Administrator Exercise...(continued) 


Locate the Certifier documents 


Follow these steps to locate the Certifier documents. 


Step 

Action 

1 

From Domino Administrator, select the Configuration tab->Certificates 
section->Certificates view. 

2 

Scroll to the bottom of the view. 

3 

Click Notes Certifiers->WWCorp and note the names of the four certifiers. 


Locate your Person document and mail file name 


Follow these steps to locate your Person document and your mail file name. 


Step 

Action 

1 

From Domino Administrator, select the People & Groups tab->Domino 
Directories section->WWCorp’s Directory section->People view. 

2 

Double-click your Person document to open it. 

3 

On the Basics tab, note your mail server and the path and file name of your 
mail file. 


Locate the Group document 


Follow these steps to locate the Group document you created. 


Step 

Action 

1 

From Domino Administrator, select the People & Groups tab->Domino 
Directories section->WWCorp’s Directory section->Groups view. 

2 

Locate the Group document you created. 
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Lesson 4: Adding Notes Clients ...(continued) 

Navigating Domino Administrator Exercise...(continued) 

Locate your server’s Mail.box 


Follow this step to locate your server’s Mail.box. 


Step 

Action 

1 

From Domino Administrator, select the Messaging tab->Mail tab->server 
Mailbox (Mail.box). 


Locate your mail file 


Follow these steps to locate your mail file and verify its file name. 


Step 

Action 

1 

From Domino Administrator, select the Files tab->drive\domino\data 
section->Domino section->Mail view. 

2 

Locate the mail file that matches the name you noted in the Person 
document. 
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Lesson 4: Adding Notes Clients...(continued) 

Registering Users Exercise 

Register users 


Follow these steps to register a new administrator. 


Step 

Action 

1 

From Domino Administrator, select your server to administer. 

2 

Select the People & Groups tab->Domino Directories 
section->WWCorp’s Directory section->People view. 

3 

Choose People->Register from the Tools menu. 

4 

Click Cancel when prompted for the certifier password. 

5 

Click Certifier ID, select the appropriate certifier ID for your region, and click 
Open. Then, click OK. 

6 

Enter the certifier ID password (provided by the instructor), and click OK. 

7 

On the Certifier Recovery Information Warning, select Do not show this 
warning for this certifier ID in the future, and click OK. 

8 

On the Basics panel, perform the following steps: 

■ Click Registration Server, select your server, and click OK. 

■ Enter the names based on the table. 

■ Click Password Options and select the following: 

■ Slide the Password Quality scale to select Weak password, not very 
secure (6). 

■ Select Set internet password to make the initial Internet password the 
same as the Notes password. 

■ Select Synch internet password with Notes ID password, and click 
OK. 

Note: This keeps the Internet password synchronized with the Notes 
password whenever the user changes the Notes password. 

■ Enter lotusnotes for the password. 

9 

Click Advanced. 

10 

Add the user to the appropriate group based on the table. 

11 

Select the appropriate policy based on the table. 

12 

Click H- 

13 

Repeat Steps 8 through 11 to add another user to the queue. 

14 

Click Register All. 
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Lesson 5: Setting Up Server 
Administration 

Setting Administration Access Exercise 


Set administration access 


Perform the following tasks to complete this exercise: 

■ Modify administration levels. 

■ Access a server in the other administrator group. 

■ Attempt to compact a database using two methods: 

■ Compact a database from the console. 

■ Compact the database using menus. 

■ Record administration access results. 


Modify administration levels 


Follow these steps to modify administration levels. 


Step 

Action 

1 

In the Domino Administrator, select the Configuration tab->All Server 
Documents view, then open your Server document. 

2 

Select the Security tab, then click Edit Server. 

3 

In the Administrators field: 

■ If you are in the East OU, enter 
*/East/WWCorp 

■ If you are in the West OU, enter 
*/West/WWCorp 

4 

In the View-only Administrators field: 

■ If you are in the East OU, enter 
*/West/WWCorp 

■ If you are in the West OU, enter 
*/East/WWCorp 

5 

Click Save & Close. 
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Lesson 5: Setting Up Server Administration...(continued) 
Setting Administration Access Exercise...(continued) 
Access a server in the other administrator group 


Follow these steps to access a server in the other administrator group. 


Step 

Action 

1 

Choose File->Open Server. 

2 

Enter the name of a server in the other OU. 

3 

Click OK. 


Attempt to compact a database from the console 


Follow these steps to attempt to compact a database from the console. 


Step 

Action 

1 

Select the Server tab->Status tab->Server Console view. 

2 

In the Domino Command field, enter the following command: 

Load Compact Busytime.nsf 

3 

Click Send. 

Result: The status bar displays an error saying that you are not authorized 
to use this remote console command. 


Compact the database using menus 


Follow these steps to compact the same database using menus. 


Step 

Action 

1 

Select the Files tab. 

2 

Highlight the Local free time info database (Busytime.nsf). 

3 

From the Tools pane, choose Database->Compact. 

4 

Keep default settings, and click OK. 

Result: The database should compact successfully using the menu 
commands. The View-only Administrators field restricts console commands, 
not menu commands. 
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Lesson 5: Setting Up Server Administration...(continued) 
Setting Administration Access Exercise...(continued) 


Record administration access results 


■ Was the Domino Administrator interface different when you changed servers? 

Answer: No 

■ For the server in the other group, what tasks could you perform? 

Answer: Compact a database, but only using the Administrator menu 
commands, not using the console. 

■ Were the results expected, based on the access settings? 

Answer: Yes 
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Lesson 6: Synchronizing Domino System 
Databases 

Replicating Selected Databases 
Exercise 


Create a Connection document for the Domino Directory 


Follow these steps to create a Connection document that replicates Names.nsf 
from the Hub server to your server every two hours. 


Step 

Action 

1 

From Domino Administrator, select the server to administer. 

2 

Select the Configuration tab-> Replication section -> Connections view. 

3 

Click Add Connection. 

4 

On the Basics tab, select Local Area Network for the Connection type. 

5 

Enter the following information for the source server and domain: 

■ Source server: Hub/SVR/WWCorp 

■ Source domain: WWCorp 

6 

Enter the following information for the destination server and domain: 

■ Destination server: Enter your server’s hierarchical name. 

■ Destination domain: WWCorp 

7 

Click Choose ports, select TCPIP, and click OK. 

8 

On the Replication/Routing tab, enter information in the appropriate fields 
according to the descriptions below. 


Field 

Description 


Replication Task 

Set to enabled. 


Replicate databases of 
priority 

Leave this at default (Low & Medium & High) in 
case someone changes the priority in the 
replication settings of the Domino Directory. 


Replication Type 

Select Pull Push. 


Files/Directories to 
Replicate 

Enter Names.nsf 


Replication Time Limit 

Leave this blank for classroom purposes. 


(continued on next page...) 
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Lesson 6: Synchronizing Domino System Databases ...(continued) 
Replicating Selected Databases Exercise...(continued) 


Create a Connection document for the Domino Directory... 


Step 

Action 

9 

On the Schedule tab, enter the information in the appropriate fields according 
to the descriptions below. 


Field 

Description 


Schedule 

Set to Enabled. 


Connect at times 

Enter 12:00 AM - 11:59 PM 


Repeat interval of 

Enter 120 minutes. 


Days of week 

Leave the following default days: 

Sun, Mon, Tue, Wed, Thu, Fri, Sat 

10 

Click Save & Close. 
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Lesson 6: Synchronizing Domino System Databases...(continued) 


Monitoring the Replication Schedule 


Replicate the Connection documents 


Follow these steps to replicate the Connection documents in the Domino 
Directory. 


Step 

Action 

1 

In the Domino Administrator, select the Server tab->Server Tasks view. 

2 

From the Tools pane, choose Server->Replicate. 

3 

In the dialog box, perform the following: 

■ For Which server do you want to replicate with?, select Hub/SVR/WWCorp. 

■ For Replicate, select Selected database, click Database, select 
WWCorp’s Directory, and click OK. 

■ Click Replicate. 

4 

When replication is finished, click Done. 


Use the Replication Tools 


Follow these steps to use the Replication Tools. 


Step 

Action 

1 

In the Domino Administrator, select the Server tab->Status tab-> Server 
Tasks view. 

2 

Locate the Maps Extractor task. If it is not listed, use the Tools pane to 
select Task->Start, and select Maps Extractor. Then, click Start Task, and 
click Done. 

3 

Select the Replication tab-> Replication Events view, and open each 
document to verify that data was exchanged between replicas. 

4 

Select the Replication Topology->By Connections view to see a map that 
represents the servers between which there are Connection documents. 

Note: The map shows all Connection documents, even ones in which 
replication is disabled. 
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Lesson 7: Setting Up Intranet Mail 
Routing 

Defining Key Mail Routing Components 
Exercise 

Define mail routing components 


The following table identifies the mail routing components. 


Term 
Definition 

Mail file 
The Domino database in which the user creates, sends, retrieves, and 
stores mail messages. 

Mail server 
A user’s mail server is the server where the user’s mail file resides and is 
specified in the Person document in the Domino Directory. 

Mailer 
The Mailer resides on the workstation and performs these tasks: 

■ Verifies the existence and spelling of the name(s) if the recipient is 
listed in the Domino Directory. 

■ Converts the message to Multipurpose Internet Mail Extensions 
(MIME), if necessary. 

■ Deposits the message in Mail.box on the sender’s mail server. 

Domino Directory 
The Domino database that stores information about the sender’s (and 
possibly recipient’s) mail server, mail file system, mail file name, mail 
address, and connections to other servers for transfer and delivery. 

Mail.box 
A special database that resides on every server used for mail delivery. 
Mail is temporarily stored in Mail.box, before the router delivers or 
transfers the mail. 

Router 
A server-based task that delivers and transfers mail. It checks the 
Domino Directory for connections to other servers and deposits mail in 
users’ mail files and other servers’ Mail.box. 
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Lesson 7: Setting Up Intranet Mail Routing ...(continued) 

Testing DNNs Exercise 


Send messages to users 


1. Create a mail message and send it to a user in your DNN. For example, if you 
are in the WWCorpEast DNN, send it to a user in WWCorpEast. 

The user should receive the message because both mail servers are in the 
same DNN. 

2. Create a mail message and send it to Doctor Notes. 

Doctor Notes should not receive the message because Doctor Notes is in a 
different DNN: WWCorpHQ. 
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Lesson 7: Setting Up Intranet Mail Routing...(continued) 

Testing Connection Documents 
Exercise 


Send messages to users 


1. Create a mail message and send it to a user in a different DNN. For example, 
if you are in the WWCorpEast DNN, send it to a user in WWCorpWest or 
WWCorpHQ. 

2. Create a mail message and send it to Doctor Notes. 

All users should receive the message because Connection documents allow 
for mail to be sent to different DNNs. 
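
The two Lesson 7 results above (mail routes automatically inside one DNN; mail to another DNN needs Connection documents) can be modelled as a reachability check. This is an added example, not part of the course material: the East/West server names are hypothetical, mail routing Connection documents are assumed to be one-way, and the breadth-first search is a simplification of the Router's cost-based route selection.

```python
from collections import deque

# Constructed classroom topology. Hub/SVR/WWCorp and the three DNN names come
# from the course text; the East/West server names are hypothetical.
DNN_OF = {
    "Hub/SVR/WWCorp": "WWCorpHQ",
    "East01/SVR/WWCorp": "WWCorpEast",
    "East02/SVR/WWCorp": "WWCorpEast",
    "West01/SVR/WWCorp": "WWCorpWest",
}

# Mail routing Connection documents as (source, destination) pairs.
# Assumption: each document routes mail in one direction only, so two-way
# routing between DNNs needs a pair of documents.
CONNECTIONS = {
    ("East01/SVR/WWCorp", "Hub/SVR/WWCorp"),
    ("Hub/SVR/WWCorp", "East01/SVR/WWCorp"),
    ("West01/SVR/WWCorp", "Hub/SVR/WWCorp"),
    ("Hub/SVR/WWCorp", "West01/SVR/WWCorp"),
}


def next_hops(server, dnn_of, connections):
    """Servers that `server` can transfer mail to directly."""
    # Servers in the same Domino Named Network need no Connection document.
    same_dnn = {s for s, dnn in dnn_of.items()
                if dnn == dnn_of[server] and s != server}
    # A Connection document only helps if its destination names a real
    # server; a misspelled name (as in the Lesson 11 exercise) is ignored.
    connected = {dst for src, dst in connections
                 if src == server and dst in dnn_of}
    return sorted(same_dnn | connected)


def trace_route(source, destination, dnn_of, connections):
    """Return the least-hop server path, or None if mail cannot route.

    The returned list corresponds to what a Mail trace with
    "Each Server on the Path" would report, hop by hop.
    """
    if source not in dnn_of or destination not in dnn_of:
        return None
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        if path[-1] == destination:
            return path
        for hop in next_hops(path[-1], dnn_of, connections):
            if hop not in seen:
                seen.add(hop)
                queue.append(path + [hop])
    return None


def one_way_connections(connections):
    """Connection documents that have no matching document for the reply path."""
    return sorted((s, d) for s, d in connections if (d, s) not in connections)


if __name__ == "__main__":
    # Testing DNNs exercise: no Connection documents exist yet.
    print(trace_route("East01/SVR/WWCorp", "East02/SVR/WWCorp", DNN_OF, set()))
    print(trace_route("East01/SVR/WWCorp", "Hub/SVR/WWCorp", DNN_OF, set()))
    # Testing Connection Documents exercise: documents in both directions.
    print(trace_route("East02/SVR/WWCorp", "West01/SVR/WWCorp", DNN_OF, CONNECTIONS))
    print(one_way_connections({("East01/SVR/WWCorp", "Hub/SVR/WWCorp")}))
```

A `None` result corresponds to mail that stays in Mail.box as undelivered; `one_way_connections` lists the documents to check when mail flows in only one direction.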
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Lesson 9: Establishing Mail Controls 
Setting Mail Controls Exercise 


Use mail controls to establish standards 


Perform the following tasks to complete this exercise: 

■ Create a quota and threshold on the user’s mail file. 

■ Set a quota restriction on the user’s mail file. 

■ Enable mail journaling. 

■ Create a mail rule to deny messages containing specific attachments. 

■ Create a mail rule to journal messages from Doctor Notes. 

■ Activate the rules. 

■ Use mail controls to establish standards. 

■ Test mail controls. 


Create a quota and threshold on the user’s mail file 


Follow these steps to create a quota of 15 MB and a threshold of 14 MB on your 
user’s mail file. 


Step 

Action 

1 

From the Files tab, select your user’s mail database. 

2 

From the Tools pane, select Database->Quotas... 

Result: The Set Quotas dialog box appears. 

3 

Click Set database quota to and enter 15. 

4 

Click Set warning threshold to and enter 14. 

5 

Click OK. 
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Lesson 9: Establishing Mail Controls ...(continued) 
Setting Mail Controls Exercise...(continued) 


Set a quota restriction on the user’s mail file 


Follow these steps to set a quota restriction on your user’s mail file. 


Step 

Action 

1 

Click the Configuration tab->Messaging section->Configurations view. 

2 

Select your server and click Edit Configuration. 

3 

Click the Router/SMTP tab->Restrictions and Controls tab->Delivery 
Controls tab. 

4 

For Over warning threshold notifications, select Per Time Interval. 

Result: The Warning Interval field appears. 

5 

For Warning interval, select Days. Enter 1. 

6 

For Over quota notification, select Per message to send a message to the 
user when the quota is exceeded. 

7 

For Over quota enforcement, select Non deliver to originator. 

8 

Click Save & Close to save the Configuration Settings document. 

9 

Enter Tell Router Update Configuration at the server console. 
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Lesson 9: Establishing Mail Controls ...(continued) 
Setting Mail Controls Exercise...(continued) 


Enable mail journaling 


Follow these steps to enable mail journaling. 


Step 

Action 

1 

Click the Configuration tab-> Messaging section->Configurations view. 

2 

Select your server and click Edit Configuration. 

3 

Click the Router/SMTP tab-> Advanced tab-> Journaling tab. 

4 

In the Basics section, complete the fields as follows: 

■ Journaling — Enabled 

■ Field encryption exclusion list — Use the default values. 

■ Method - Copy to local database (default) 

■ Encrypt on behalf of user - your administrator username 

In the Database Management section, complete the fields as follows: 

■ Method - Periodic Rollover 

■ Periodicity - 1 

5 

Click Save & Close to save the Configuration Settings document. 

6 

Enter Tell Router Update Configuration at the server console. 




Create a mail rule to deny messages containing specific 
attachments 


Follow these steps to create a mail rule to disallow messages containing .abc 
attachments. 


Step 

Action 

1 

Click the Configuration tab->Messaging->Configurations view. 

2 

Select your server and click Edit Configuration. 

3 

Click the Router/SMTP tab-> Restrictions and Controls tab-> Rules tab. 
Click New Rule. 

4 

For Specify Conditions->Create Condition, perform the following: 

■ Select Any attachment name. 

■ Select Contains. 

■ Enter .abc 

■ Click Add. 

5 

For Specify Actions, perform the following: 

■ Select don’t accept message. 

■ Click Add Action. 

6 

Click OK to save the rule. 

7 

In the Configuration Settings document, click Save & Close. 
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Lesson 9: Establishing Mail Controls...(continued) 


Setting Mail Controls Exercise...(continued) 


Create a mail rule to journal messages from Doctor Notes 


Follow these steps to create a rule to save all messages from Doctor Notes to the 
mail journal. 


Step 

Action 

1 

Click the Configuration tab->Messaging-> Configurations view. 

2 

Select your server and click Edit Configuration. 

3 

Click the Router/SMTP tab-> Restrictions and Controls tab-> Rules tab. 
Click New Rule. 

4 

For Specify Conditions->Create Condition, perform the following: 

■ Select sender. 

■ Select Is. 

■ Enter Doctor Notes 

■ Click Add. 

5 

For Specify Actions, perform the following: 

■ Select journal this message. 

■ Click Add Action. 

6 

Click OK to save the rule. 

7 

In the Configuration Settings document, click Save & Close. 


Activate the rules 


Follow these steps to activate the rules. 


Step 

Action 

1 

Click the Server tab->Status tab -> Server Console view. 

2 

Click Live. 

3 

In the Domino Command field of the console, enter the following command: 

set rules 

Click Send. 
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Lesson 9: Establishing Mail Controls ...(continued) 
Setting Mail Controls Exercise...(continued) 


Use mail controls to establish standards 


Follow these steps to test the quota. 


Step 

Action 

1 

Create a mail message addressed to your user. 

2 

Attach the Help database to make the message large enough to trigger the 
quota. 

3 

Send the message. 


Test mail controls 


Follow these steps to test the rules. 


Step 

Action 

1 

Click the People & Groups tab. 

2 

Choose Create->Mail->Memo. 

3 

Address the memo to any user listed in the People view. 

4 

Attach the Test.abc file to the message. 

5 

Click Send. 

Result: A message box displays: “Document has been rejected by mail rule 
<server_name> mail.box.” 

6 

Click OK to dismiss the message box. 

7 

Press escape and click Discard to dismiss the memo form. 

8 

Open the Mailjrn.nsf database to see if there are any messages from Doctor 
Notes. 
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Lesson 9: Establishing Mail Controls...(continued) 

Testing Archive Policy Exercise 

Assign and test the archive policy 


Perform the following tasks to complete this exercise: 

■ Assign an explicit policy to yourself. 

■ Try to archive your mail. 


Assign an explicit policy to yourself 


Follow these steps to assign an explicit policy to yourself. 


Step 

Action 

1 

Click the People & Groups tab->Domino Directory->WWCorp’s 
Directory. 

2 

In the People view, select yourself and choose Tools->assign Policy. 

3 

Select your Person document and click Edit person. 

Note: You must be in edit mode to see assigned policies in the Person 
document. 

4 

Click the Administration tab and locate the Policy Management section-> 
Assigned policy field to verify the policy was assigned. 

5 

Click Save & Close. 


Try to archive your mail 


Follow these steps to see if you can archive your mail. 


Step 

Action 

1 

Open your mail file. 

2 

Choose Actions->Archive->Settings. 

Result: The Archive Settings dialog box appears with settings disabled and a 
message stating that archiving is not permitted. 

3 

Click Cancel. 
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Lesson 11: Resolving Common Mail 
Problems 

Troubleshooting Intranet Mail Routing 
Exercise 


Send mail to a user in another Domino Named Network 


Perform the following tasks to complete this exercise: 

■ Restart the Router. 

■ Fix server names in Connection documents. 

■ Force replication. 


Restart the Router 


Follow these steps to restart the Router. 


Step 

Action 

1 

From Domino Administrator, select the mail server to administer. 

2 

Select the Messaging tab->Mail tab. 

3 

From the Tools pane, choose Messaging->Stop Router. 

4 

From the Tools pane, choose Messaging-> Start Router. 



Fix server names in Connection documents 


Follow these steps to fix server names in Connection documents. 


Step 

Action 

1 

From Domino Administrator, select your server’s Connection document. 

Click Edit Connection. 

2 

Correct the server names in the source and/or destination fields of the 
Connection documents. 

3 

Click Save & Close. 

4 

Enter tell router update config at the server console. 


Force replication 


Follow these steps twice to force replication. 


Step 

Action 

1 

Click the Server tab-> Status tab->Server Console view. 

2 

Click Live. 

3 

In the Domino Command field of the console, enter the following command: 

rep Hub/SVR/WWCorp 

Click Send. 
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Lesson 11: Resolving Common Mail Problems...(continued) 

Troubleshooting Internet Mail Routing 
Exercise 

Send mail to an Internet address 


Perform the following tasks to complete this exercise: 

■ Enable SMTP externally. 

■ Set SMTP controls. 

■ Force replication. 


Enable SMTP externally 


East Admins follow these steps to enable SMTP externally. 


Step  Action
1     Edit your Configuration Settings document.
2     Click the Router/SMTP tab->Basics tab.
3     On the Basics tab, complete the SMTP fields as follows:
      ■ SMTP used when sending Messages outside of the local Internet Domain:
        Enabled
4     Click Save & Close.
5     Enter tell router update config at the server console.

Set SMTP controls 


West Admins follow these steps to set SMTP controls. 


Step  Action
1     Edit your Configuration Settings document.
2     Click the Router/SMTP tab->Restrictions and Controls tab->SMTP
      Outbound Controls tab.
3     In the Deny messages from the following Notes addresses to be sent to the
      Internet field, enter GlobalSales.
4     Click Save & Close.
5     Enter tell router update config at the server console.


Force replication 


Follow these steps twice to force replication. 


Step  Action
1     Click the Server tab->Status tab->Server Console view.
2     Click Live.
3     In the Domino Command field of the console, enter the following command:

      rep Hub/SVR/WWCorp

      Click Send.

Troubleshooting Undelivered Mail 
Exercise 

Determine the cause of undelivered mail 

Perform the following tasks to complete this exercise: 

■ Change the person information. 

■ Change the Location document. 

■ Force replication. 


Change the person information 


Follow these steps to change the person information. 


Step  Action
1     Click the People & Groups tab.
2     Select your Person document and click Edit person.
3     Click the Basics tab and locate the Mail file field.
4     Change the location of the mail file.
5     Click Save & Close.


Change the Location document 


Follow these steps to change the Location document. 


Step  Action
1     In the Notes client message bar, click the Location document in the lower
      right.
2     Select the Office (Network) location.


Force replication 


Follow these steps twice to force replication. 


Step  Action
1     Click the Server tab->Status tab->Server Console view.
2     Click Live.
3     In the Domino Command field of the console, enter the following command:

      rep Hub/SVR/WWCorp

      Click Send.


Appendix B ■ Worldwide Corporation Infrastructure Plan 


About This Document 


This document gives an overview of Worldwide Corporation’s infrastructure. It is 
intended to provide an overall view of the environment as designed by the 
planning team. It does not provide details on specific Domino functionality. 

This document will be continually updated. Administrators should refer to the 
Policies and Procedures database on any Worldwide Corporation server for the 
latest version of this document. 

IBM Lotus Notes and Domino is Worldwide Corporation’s global standard for 
electronic mail and for developing and deploying groupware applications. 
Organization Structure 

The structure of Worldwide Corporation appears in the following diagram. 
User Needs 


Worldwide Corporation’s users require the following access to applications. 


Information Groups 

Who 

Domino Server 

E-mail/Communication 

All 

Application 

Policies and procedures 

All 

Web 

■ Price list 

■ Product catalogue 

■ Sales 

■ Customers 

■ Resellers 

Application 

Web 

Customer Information: 

■ (DECs) 

■ Customer service application 

■ Sales 

■ Support 

■ Distribution 

Application 

Mail 

Communication 

Process information: 

■ Product design 

■ Order processing 

■ Development 

■ Product management 

■ Manufacturing 

■ Sales 

Application 

Web 

Human Resources 

All 

Application 


Note: User needs were determined by function across all geographies. 
Servers by Task 


Worldwide Corporation will designate servers to specific tasks based on 
Information Groups. The following table lists the servers, associated tasks, and 
rationale behind the decision. 


Server Type: Hub
Tasks: Routes mail and replication databases to and from other hub or spoke
servers.
Rationale: Provides easier administration and maintenance.

Server Type: Internet Messaging
Tasks: Provides non-Domino mail services, such as:
■ POP3
■ IMAP
■ SMTP
■ NNTP
■ LDAP
Rationale: Use Domino server to:
■ Provide employees with access to non-Domino mail files.

Server Type: Mail
Tasks: Stores users’ mail and databases and routes mail across the intranet
and Internet.
Rationale:
■ Provide easier administration.
■ Minimize server processor load.
■ Reduce network traffic.
■ Provide predictable server performance and grouping of users.
■ Allow user access to databases when mail server is down.

Server Type: Application
Tasks: Stores application databases.
Rationale:
■ Provide easier administration.
■ Group applications by usage, replication needs, and/or security
  requirements.
■ Allow tuning of server to optimize performance and response time
  independent of mail usage.
■ Ease expansion by adding new database servers as usage and storage
  needs increase.

Server Type: Web
Tasks: Provides access to an application from the Internet or to corporate
intranet. Can use either:
■ Domino HTTP stack
■ Microsoft IIS
Rationale:
■ Can place outside the firewall for Internet access.
■ Provide employees with access to corporate information from a browser.


Servers by Location 


Worldwide Corporation will have one Domino Domain (WWCorp) that includes all 
Worldwide Corporation offices. Worldwide Corporation’s Internet domain name 
was previously established as WWCorp.com. 


Topology 


Worldwide Corporation has selected a hub-and-spoke topology for ease of 
management and future expansion. 

Each regional office will have a hub server and one or more spoke servers. Each 
site will be set up to run independently, although they will be connected to the 
corporate hub. 

Connection documents are required for replication to tell the corporate hub how 
and when to communicate with other servers and for spoke servers to connect to 
the corporate hub. 

Headquarters is the center of the infrastructure and houses the main hub server, 
which has high-speed links running to the offices. Each individual Domino server 
is responsible for its own mail routing and replication events. The hub server is 
responsible for replication of the critical databases between all its spoke servers. 

The following map shows the locations and types of servers. 


The Headquarters hub server 


The hub server is the administration server for the Worldwide Corporation domain 
and replicates the Directory Catalog and the Administration Requests database to 
all other Domino servers within the Worldwide Corporation domain (WWCorp). 

Sales offices and sales representatives will dial in to their local regional hub 
server using Notes clients and Internet clients, such as browsers. 

Customers and vendors will have access through a Web server at Headquarters. 


Domino Named Networks 


The regional sites will be logically grouped into Domino Named Networks (DNNs), 
since they share a common protocol (TCP/IP) and are constantly connected. 

Grouping the Domino Named Networks this way will ensure that users see 
information on their local servers to reduce network traffic. 


Each country office has one or more Domino servers. The following table shows 
the countries to be configured and the Domino Named Networks (DNNs) for each 
country. 


Region        Code  DNN         Connect Status
Headquarters  HQ    WWCorpHQ    WAN
East          East  WWCorpEast  WAN
West          West  WWCorpWest  WAN


System Administration 


System administration is locally controlled by region, but monitored from the 
Corporate office. 

Administration tasks are controlled by regional administrators. 

General policies and guidelines are maintained and distributed from the 
Corporate office. 

Implementation and design changes are carried out after business justifications 
are submitted and approved. 

All system administrators use the Domino Administrator and Web Administrator 
for all administration tasks. 
Network Strategy 

Worldwide Corporation added to their existing WAN by: 

■ Incorporating TCP/IP as their primary network protocol 

■ Developing a plan to phase out non-TCP/IP protocols over time 

■ Using a global frame relay network as its global WAN 

■ Adding networking to the West office 

■ Adding networking connections to all offices from Headquarters 

■ Upgrading existing server network cards and adding network cards 

Although the WAN was upgraded, Worldwide Corporation does not want to rely 
solely on the network. They purchased additional servers for regional offices to 
ensure reliability and consistency across geographical locations. 
Directory Strategy 


There will be only one Domino domain (WWCorp) for the entire Worldwide 
Corporation Domino environment. The model matches the physical layout of the 
Worldwide Corporation WAN. The first configured server (the corporate hub) will 
have full administration rights over the entire domain. 

The Domino Directory will reside on the corporate hub server in Lisbon, and 
replicate to each regional hub server. The corporate hub will create Directory 
Catalogs, and replicate to regional hubs for use by remote users. Remote users 
can keep a local replica of the Directory Catalog on the client for faster response 
time and timely encryption of messages. 

System administrators will periodically update the Directory Catalog and 
replicate once a day to hub servers. 

Directory access is from: 

■ Notes clients 

■ Web browsers 

■ Other e-mail and directory clients 
Replication Topology 


A hub-and-spoke topology will be used for replication. This structure consists of a 
main hub with two spoke servers, which are the regional hub servers. Each 
regional hub server also has its own spoke servers. 

The corporate hub server will be the main hub and take overall control of 
replication. There will be Connection documents from the main hub to all regional 
hub servers. 

Replication will be Pull Push. 

The following map shows Worldwide Corporation’s replication topology. 




Application Types 


Types of applications will be separated and reside on different application servers 
to isolate problems and simplify management. All applications will be replicated to 
the corporate hub for central control and reliability. 


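Application Type: Customer service application
Resides on Corporate Application Server and...: All regional application servers
Replication Schedule: Daily during mutual off-peak hours for Lisbon and regional hub
Policies and Restrictions: Local languages and customs, escalation procedures

Application Type: Purchasing application
Resides on Corporate Application Server and...: All regional application servers
Replication Schedule: Daily during mutual off-peak hours for Lisbon and regional hub
Policies and Restrictions: Local languages and regulations

Application Type: Policies and procedures database
Resides on Corporate Application Server and...: All regional application servers
Replication Schedule: When changes are made
Policies and Restrictions: Local languages and customs

Application Type: Price lists
Resides on Corporate Application Server and...: All regional application servers
Replication Schedule: When changes are made
Policies and Restrictions: Local languages and currencies

Application Type: Catalogs
Resides on Corporate Application Server and...: All regional application servers
Replication Schedule: Quarterly, or when changes are made
Policies and Restrictions: Local languages

Application Type: MRP application
Resides on Corporate Application Server and...: West application server
Replication Schedule: When changes are made
Policies and Restrictions: Local languages


Mail Routing Strategy 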

Each region will have its own server that is responsible for local mail delivery, but 
will rely on the corporate mail server for inbound Internet mail: 

■ Simple Message Transfer Protocol (SMTP) will route mail to the Internet. 

■ The Notes Remote Procedure Call (NRPC) will route mail within the 
corporate intranet. 

The following configuration provides for ease of configuration and optimum load 
balancing and failover: 

■ One Internet domain 

■ ISP as a relay host to Internet 

■ Regional Domino Named Networks (one for each region) 

■ The corporate hub is enabled to route external mail using the SMTP protocol. 

■ All mail servers have Connection documents and route mail using NRPC 
internally. 


Mail administrators 


Administrators must perform the following tasks: 

■ Store the Internet domain name in the Foreign SMTP and Global Domain 
documents. 

■ List the inbound mail servers in the MX records in the Domain Name 
Service under the domain’s name. Only one is required. (Note that load 
balancing for multiple servers is dependent on the algorithm used by the client 
SMTP system to select a server from the MX records.) 

■ Configure complete address lookup or configure local part only lookup to 
identify each mail recipient’s mail server so that the router can make the final 
delivery. 


Mail clients 


Initially, all mail users will have Notes mail files. In the future, some mail users 
may use other Internet mail client software. At that time, Worldwide Corporation 
will set up select Internet POP3 Messaging Servers for non-Notes mail clients to 
access mail files on the Domino server. 


Mail monitors and controls 


The following mechanisms will be put into place for monitoring and controlling mail: 

■ Automated testing of mail routers 

■ Mail quotas 

■ Mail journaling 

■ Maximum message size for inbound and outbound message set to 10 
megabytes 

■ User restrictions, such as full-text indexing 


Mail routing topology 


The following map shows Worldwide Corporation’s mail routing topology. 
Worldwide Corporation Naming Conventions 


The following table defines the Worldwide Corporation naming scheme. 


Organization Component     Value             Certifier
Organization (O)           WWCorp            Cert.id
Organizational Units (OU)  HQ: Headquarters  Hq.id
                           WEST: West        West.id
                           EAST: East        East.id
                           SVR: All servers  Svr.id


Organizational units are based on geographical regions. 

The servers’ organizational unit will be used for better control of management and 
creation of servers. 

All organizational units and common names are descendants of the 
organization certifier /WWCorp. 


User naming 


The following table provides user naming conventions. 


Type: Common name for Domino environment
Syntax: Firstname Lastname

Type: Internet mail addressing
Syntax: username@WWCorp.com where username = Firstinitial_Lastname


Server naming 


The following table provides examples of regional server names. 


Region        Code  Server Names (Server Types)
Headquarters  HQ    HQHUB/SVR/WWCorp (Hub/Comm)
                    HQAPP01/SVR/WWCorp (Application)
                    HQMAIL01/SVR/WWCorp (Mail)
East          East  EASTHUB/SVR/WWCorp (Hub)
                    EASTAPP01/SVR/WWCorp (Application)
                    EASTMAIL01/SVR/WWCorp (Mail)
West          West  WESTHUB/SVR/WWCorp (Hub)
                    WESTAPP01/SVR/WWCorp (Application)
                    WESTMAIL01/SVR/WWCorp (Mail)


Naming examples 


The following table provides naming examples. 


If you want to: Create a new server.
Then: Use the name XXType##/SVR/WWCorp, where:
■ XX is the standard country code.
■ Type is the server type, for example, Mail.
■ ## is the server number of this type.
For example, the first mail server in Australia might be:
AUMAIL01/SVR/WWCorp

If you want to: Create a new organizational unit.
Then: Use the standard country code that identifies the location of the
organizational unit.
A new organizational unit for Canada might be:
/CN/WWCorp

If you want to: Create a new user.
Then: Certify under the regional organizational unit where the user works.
A new user named Sara Jones in London would be:
Sara Jones/UK/WWCorp
The corresponding Internet name would be:
Sara_Jones@WWCorp.com

Certifier/ID management policy 


The following table describes the certifier/ID management policy. 


Type: Organization certifier
Management Policy:
■ Corporate system administrators create the O certifier.
■ Corporate system administrators create the OU certifiers.
■ Access is limited to two administrators using multiple passwords.
■ Store IDs on multiple floppy disks in protected areas.

Type: Organizational unit certifiers
Management Policy:
■ Regional administrators and Corporate administrators keep copies of OU
  certifiers.
■ Store IDs on multiple floppy disks in protected areas.

Type: Server IDs
Management Policy:
■ Corporate system administrators create all server IDs.
■ Store IDs on the server.
■ Use only for the server.

Type: User IDs
Management Policy:
■ Regional administrators create user IDs.
■ Regional system administrators keep copies of IDs in a secure database on
  the regional hub server.
■ Use a Certification Log database to track certification.
■ All Certifier IDs have multiple passwords and expiration dates of two
  years from date of creation.
■ Store backups in a secure off-site location.

Type: Key files for Internet (X.509) Certificates
Management Policy:
■ Using Domino as a Certificate Authority, administrators will create X.509
  certificates using the Certificate Authority Application on a workstation
  and store the CA key ring on that workstation, not on the server.
■ Do not distribute these files to other administrators in the organization.
■ Store the certificates in a secure off-site location.
■ Store in corporate user Notes ID files.
■ Store in trusted LDAP directories (for customers).


Hierarchical naming for Worldwide Corporation 


The following diagram shows the organization hierarchy, including currently 
planned server names. 

[Diagram not reproduced. Server names shown: HUB, HQMAIL01, HQAPP01, WESTHUB,
WESTMAIL01, WESTAPP01, EASTHUB, EASTMAIL01, EASTAPP01]


Remote Access 


Worldwide Corporation has determined specific Internet access for remote 
employees, vendors, resellers, and customers, based on their needs. 


Internet access 


The following Internet access will be used: 

■ Authenticated access for employees 

■ Public access Web server for vendors, resellers, and customers, including 
controlled access to servers, applications, and data 


The following table describes types of access. 


Employees: X.509 certificates

Customers: Anonymous access to catalog and public company information.
Future: Username and password access to information about their own orders,
for example, shipping information.

Vendors: Anonymous access

Resellers: Authenticated access through outside LDAP directories


Remote users 


Users at offices that do not have direct connections to the WAN can use an 
Internet Service Provider (ISP) to access the Domino system through a local 
Firewall server. 

Remote users can dial in to their mail server through the local Firewall servers. 
Server Configurations and Security 


Worldwide Corporation has determined configurations for servers, including 
licensing, file structure, and server tasks. Server security has been defined as 
group access to servers. 


Server types 


The following table lists the server licenses that will be used for each of the server 
types. 


Server Type: Domino Mail and Internet Messaging servers
Server License: Domino Mail Server
Rationale: To provide Domino and Internet mail services

Server Type: Application and Web servers
Server License: Domino Utility Server
Rationale: To provide custom database applications for Notes and Web clients

Server Type: Hub server
Server License: Domino Enterprise Server
Rationale: To provide the following services:
■ Clustering
■ Partitioning


File structure 


The following table lists the standard file structure on the servers. 


Path: Domino
Contents: System files, client files
Description: Client files will be installed for network distribution purposes.

Path: Domino\data
Contents: Databases, general data files
Description: Domino system databases that are required for Domino to function
properly.

Path: Domino\data\critical
Contents: Databases
Description: Critical applications that require frequent replication.


Use the default installation file paths whenever possible to ensure standardized 
training and ease of support and troubleshooting. 

Tip: Store Domino executables on a separate disk from Domino data for better 
performance. 

These areas of the Domino file structure are only accessible to designated 
personnel for installation purposes. All other Domino data is protected by 
operating system security and is accessible to Domino administrators only. 


Configuration documents 


Every Worldwide Corporation server has its own server Configuration document. 
This ensures that each server configuration can be modified separately and that 
there is a log of any changes made. 

The Domino configuration database will be used for server setup to streamline 
and automate setup. 

A Configuration document exists for each server type (for example, hub, mail, 
application) and is then distributed to other servers of the same type. 


Domino tasks by server type 


The following table lists the minimum requirements for all server Configuration 
documents. 


Domino Server Type: Standard services for all servers
Recommended Tasks:
■ Mail Router
■ Replicator
■ Indexer
■ Statistics
■ Agent Manager
■ Administration Process
■ Event Manager

Domino Server Type: Mail servers
Recommended Tasks:
■ Calendar Connector
■ Schedule Manager
■ HTTP for Web mail

Domino Server Type: Application servers
Recommended Tasks:
■ Standard services only, no additional services

Domino Server Type: Hub servers
Recommended Tasks:
■ HTTP, both mail and applications
■ SMTP (Headquarters hub only)

Domino Server Type: Web servers
Recommended Tasks:
■ HTTP for Web applications

Domino Server Type: Internet messaging servers
Recommended Tasks:
■ POP3 and SMTP
■ IMAP
■ LDAP
■ NNTP

Group naming for server access 

Groups will be used to determine access to servers and for added security. The 
following naming convention will be used to identify the location and type of 
group: 

region[global]descriptionofgroup 

For example: HQAdmins or GlobalSales 

Within groups, names are sorted in alphabetical order. 


Deny access groups 


As an added security feature, Worldwide Corporation will use four groups, which 
represent access denial to any Worldwide Corporation servers. In each server 
restrictions setting, these groups will be added in the Not access server fields. 

The following table describes the four groups. 


Group Name       Description
Deny Access A-F  Denial for people whose surnames begin with A-F.
Deny Access G-L  Denial for people whose surnames begin with G-L.
Deny Access M-R  Denial for people whose surnames begin with M-R.
Deny Access S-Z  Denial for people whose surnames begin with S-Z.


Before deleting a user from the Domino system, add the user to one of these 
groups. This will ensure immediate denial to any Worldwide Corporation server. 

Note: This is subject to replication of the changes throughout the domain, which 
will take no longer than 60 minutes. 

Server configuration plan 


The following table describes the server configuration plan. 


Standard: Database size quotas
Requirement: No database size quotas

Standard: Database names
Requirement: No database naming standards

Standard: File system directory structure
Requirement: Standard directory structure, for example:
\Domino\Data\Global\HR1
\Domino\Data\Global\Marketing
\Domino\Data\Local\Marketing
\Domino\Data\Local\Dev1

Standard: Groups spanning the entire organization
Requirement:
■ One group for all server administrators, for example: GlobalAdmins
■ Groups for specific categories of employees, for example: GlobalSales

Standard: Groups at all sites
Requirement:
■ A group for each region, for example: EastAll (for all Worldwide
  Corporation employees in East)
■ One group for administrators per region, for example: WestAdmins (for all
  server administrators in West)


Client Configurations and Security 


Worldwide Corporation has determined configurations for clients, including 
licensing and registration and desktop settings. Client security has been defined 
using security policies, including client IDs and certificates and group access to 
databases. 


Client licenses 


Client licenses will be: 

■ Notes Client for most users, all generic IDs, and any contractual or affiliate 
accounts 

■ Domino Designer for users who will create, modify, or design databases 

■ Domino Administrator for system administrators 


Client deployment 


Desktop, registration, and security policies will be used to set up users’ 
environments. 

For Internet mail, account documents will be created locally for each mail 
protocol. Mail will be stored in Notes Rich Text format. 

Worldwide Corporation will use policy documents to create and update Location 
and Connection documents on workstations for dial-up users to determine where 
and how to locate the servers. 


Client IDs and certificates 


The following table describes the policy regarding client IDs and certificates. 


Type: Notes client IDs
Policy:
■ Certify all IDs using a Domino certificate.
■ Users responsible for secure or encrypted information, such as pricing
  information to resellers, will hold an Internet (X.509) certificate.
■ Stored on workstations for all users and encrypted locally.
■ Copies are kept in a secure location by regional as well as corporate
  administrators.

Type: Internet client browsers
Policy:
■ Accept CA certificate as a trusted root.
■ Store internal signed client certificates for access to secure information.


Group naming for database access 

Groups will be used to determine access to applications. The following naming 
conventions will be used to identify location and type of group: 

region[global]databasenameaccess 

For example: WestCustomerServiceReaders or GlobalPoliciesReaders 

Within groups, names are sorted in alphabetical order. 


File storage 


Client-based data files, such as IDs, Notes.ini, and *.dsk, will be stored on the 
workstation for all users and encrypted locally. 
Implementing the Deployment Plan 


Worldwide Corporation has created an Implementation Checklist to help plan the 
deployment. 



Checklist: Building the Domino environment 


Complete these tasks to implement the Notes and Domino components of the 
Worldwide Corporation deployment plan. 



     Task  Procedure
□    1     Set up the first server.
□    2     Add an administrator’s workstation.
□    3     Set up access to the Domino Directory.
□    4     Add Domino servers.
□    5     Add Organizational Units.
□    6     Register administrators.
□    7     Add Notes clients.
□    8     Create user groups.
□    9     Create organizational policy.
□    10    Register users.
□    11    Set administration preferences.
□    12    Set up access to servers.
□    13    Set up server logging.
□    14    Synchronize Domino system databases throughout the domain.
□    15    Route mail internally.
□    16    Route mail to the Internet.
□    17    Set mail controls.
□    18    Test mail routing and delivery.


Removing the Password from a Server ID File 


An administrator can remove the password on a server ID if the administrator has 
physical access to the server ID file and knows the password. 


Why remove the password from a server ID? 


Reasons for removing a password include: 

■ The ability to restart the server remotely from the console on the Domino 
Administrator client. 

■ The convenience of not having to enter a password to start the server. 

Removing the password from a server ID can be a security risk if the server is not 
locked in a safe room. 



Removing the password from a server ID file 


Follow these steps to remove the password on a server ID file. 


Step  Action
1     Select the Configuration tab.
2     Choose Tools->Certification->ID Properties.
3     Select the ID file to examine, and click Open.
4     Enter the ID file's password, and click OK.
5     Click Change Password.
6     Click No Password.
7     Click Yes to confirm removing the password from the ID file.
8     Click OK to acknowledge the password change.
9     Click Close to close the ID Properties dialog box.


Preparing to Reconfigure a Server 

An administrator may break down a Domino server for the following reasons: 

■ To change the server’s name or role in the organization. 

■ To create a new test or production domain in the company. 



Breaking down a server 


Follow these steps to break down a server in order to reconfigure it. 


Step  Action
1     Shut down the server. This ensures that the files to delete are not open.
2     Edit the Notes.ini file located in the Domino program directory using any
      text editor so that it contains only the following lines:

      [Notes]
      Directory=drive:\Domino\Data
      KitType=2

      Where drive is the location where the Domino server software is installed.
      Note: KitType=2 indicates that this machine is a Domino server.
3     Delete the following key files from the Domino\data directory, if they
      exist:
      ■ *.dsk             ■ Log.nsf
      ■ Activity.nsf      ■ Loga4.nsf
      ■ Admin4.nsf        ■ Homepage.nsf
      ■ Bookmark.nsf      ■ Mail*.box
      ■ Busytime.nsf      ■ MailW (optional)
      ■ Catalog.nsf       ■ Reports.nsf
      ■ Certlog.nsf       ■ Schema.nsf
      ■ Certsrv.nsf       ■ Statmail.nsf
      ■ Doladmin.nsf      ■ Statrep.nsf
      ■ Dbdirman.nsf      ■ Userlicenses.nsf
      ■ Events4.nsf       ■ Webadmin.nsf
4     Delete the following files only if setting up a new Domino domain:
      ■ *.id              ■ Names.nsf
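
The break-down steps above as a script, added here as an example and not part of the course material: it previews the deletions before applying them and removes ID files and Names.nsf only when new_domain is set. The function names, the Notes.ini.bak copy and the sample files in demo() are assumptions of this example.

```python
"""Added example: dry-run-first helper for the server break-down steps."""
import fnmatch
import shutil
import tempfile
from pathlib import Path

# Step 3 file patterns, lower-cased from the table above.
# The optional mail directory entry is left out on purpose.
KEY_FILES = [
    "*.dsk", "activity.nsf", "admin4.nsf", "bookmark.nsf", "busytime.nsf",
    "catalog.nsf", "certlog.nsf", "certsrv.nsf", "doladmin.nsf",
    "dbdirman.nsf", "events4.nsf", "log.nsf", "loga4.nsf", "homepage.nsf",
    "mail*.box", "reports.nsf", "schema.nsf", "statmail.nsf", "statrep.nsf",
    "userlicenses.nsf", "webadmin.nsf",
]
# Step 4 patterns: ID files and the Domino Directory are removed only
# when a new Domino domain is being set up.
NEW_DOMAIN_FILES = ["*.id", "names.nsf"]


def minimal_notes_ini(data_dir):
    """Return the three-line Notes.ini from step 2 (KitType=2 means server)."""
    return f"[Notes]\nDirectory={data_dir}\nKitType=2\n"


def plan_breakdown(data_dir, new_domain=False):
    """List the files steps 3 and 4 would delete; nothing is modified."""
    patterns = KEY_FILES + (NEW_DOMAIN_FILES if new_domain else [])
    hits = []
    for entry in sorted(Path(data_dir).iterdir()):
        # Top-level regular files only; match case-insensitively because
        # the manual writes Log.nsf while a disk may hold log.nsf.
        name = entry.name.lower()
        if entry.is_file() and any(fnmatch.fnmatchcase(name, p) for p in patterns):
            hits.append(entry)
    return hits


def break_down(program_dir, data_dir, new_domain=False, apply=False):
    """Run steps 2-4 and return the names of the affected files.

    With apply=False (the default) this only reports. The caller must have
    shut the server down first (step 1); that is not checked here.
    """
    program_dir, data_dir = Path(program_dir), Path(data_dir)
    targets = plan_breakdown(data_dir, new_domain)
    if apply:
        ini = program_dir / "Notes.ini"
        if ini.exists():
            # Safety net assumed by this example, not in the manual:
            # keep a copy of the old settings before overwriting them.
            shutil.copy2(ini, program_dir / "Notes.ini.bak")
        ini.write_text(minimal_notes_ini(data_dir))
        for path in targets:
            path.unlink()
    return [path.name for path in targets]


def demo():
    """Exercise the helper on a constructed, throw-away directory tree."""
    with tempfile.TemporaryDirectory() as root:
        program = Path(root) / "Domino"
        data = program / "Data"
        data.mkdir(parents=True)
        # Constructed sample files; Sales.nsf stands in for an application
        # database that must survive the break-down.
        for name in ["Log.nsf", "Mail.box", "Names.nsf", "Server.id", "Sales.nsf"]:
            (data / name).write_text("sample")
        (program / "Notes.ini").write_text("[Notes]\nServerTasks=Router\n")

        preview = break_down(program, data)              # dry run
        removed = break_down(program, data, apply=True)  # same domain
        left = sorted(p.name for p in data.iterdir())
        return preview, removed, left


if __name__ == "__main__":
    preview, removed, left = demo()
    print("would delete:", preview)
    print("deleted:     ", removed)
    print("remaining:   ", left)
```

Run the dry run first and review the list; the server ID and Names.nsf stay in place unless new_domain=True is passed.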
Preparing to Reconfigure a Workstation 

An administrator may break down a Notes Workstation when reallocating the 
machine to a different user. 



Breaking down a workstation 


Follow these steps to break down a workstation in order to reconfigure it with a 
new name. 


Step  Action
1     Shut down the client software on your workstation. This ensures that the
      files you are deleting are not open.
2     Edit the Notes.ini file located in the Notes program directory using any
      text editor so that it contains only the following lines:

      [Notes]
      Directory=drive:\Notes\data
      KitType=1 (for workstations)
      InstallType=#

      where drive is the drive letter where the Notes client software is
      installed, and # is the InstallType currently listed in the Notes.ini file.
      Note: KitType=1 indicates that this machine is a Notes workstation.
3     Delete the key files from the default Notes\data directory, as indicated
      below:
      ■ *.id
      ■ *.ndk
      ■ Bookmark.nsf
      ■ Busytime.nsf
      ■ Domadmin.nsf
      ■ Events4.nsf
      ■ Headline.nsf
      ■ Log.nsf
      ■ Mail.box
      ■ Names.nsf
      ■ Statrep.nsf
      ■ Userreg.nsf


References for further study 


There are many references available for further information on Notes and 
Domino. The following items are some of the references for further study: 

■ IBM Redbook: A Roadmap for Deploying Domino in the Organization at: 
http://www.lotus.com/home.nsf/welcome/redbook 

■ Lotus Domino Administrator 6 Help: 

■ The Glossary is available from the Contents view. 

■ Create a full text index by selecting the Search view and searching for 
strings. To limit the number of documents returned by search, use 
wildcards and Boolean logic. For example, enter a search string such as 

mail rules & journal* & quarantine. 

■ http://www.lotus.com/ldd 

■ http://www.lotus.com/ldd/notesua.nsf/find/inside-notes 

■ http://www.lotus.com/support 

Search for the following technote titles as well as other topics you need: 

■ Troubleshooting Notes and Domino Server Performance 

■ Troubleshooting Notes and Domino Server Crashes 